From 0b35ee0ba3190942b497ece3699578f11c036b5f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:52:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0012.json | 180 ++++++++++++++--------------- 2008/0xxx/CVE-2008-0102.json | 200 ++++++++++++++++----------------- 2008/0xxx/CVE-2008-0158.json | 150 ++++++++++++------------- 2008/0xxx/CVE-2008-0306.json | 170 ++++++++++++++-------------- 2008/0xxx/CVE-2008-0312.json | 200 ++++++++++++++++----------------- 2008/1xxx/CVE-2008-1486.json | 150 ++++++++++++------------- 2008/1xxx/CVE-2008-1754.json | 180 ++++++++++++++--------------- 2008/1xxx/CVE-2008-1958.json | 140 +++++++++++------------ 2008/4xxx/CVE-2008-4040.json | 150 ++++++++++++------------- 2008/4xxx/CVE-2008-4158.json | 140 +++++++++++------------ 2008/4xxx/CVE-2008-4910.json | 160 +++++++++++++------------- 2008/5xxx/CVE-2008-5608.json | 150 ++++++++++++------------- 2013/2xxx/CVE-2013-2898.json | 150 ++++++++++++------------- 2013/3xxx/CVE-2013-3426.json | 120 ++++++++++---------- 2013/4xxx/CVE-2013-4106.json | 34 +++--- 2013/4xxx/CVE-2013-4668.json | 180 ++++++++++++++--------------- 2013/4xxx/CVE-2013-4954.json | 180 ++++++++++++++--------------- 2013/6xxx/CVE-2013-6168.json | 160 +++++++++++++------------- 2013/6xxx/CVE-2013-6652.json | 140 +++++++++++------------ 2013/6xxx/CVE-2013-6724.json | 130 ++++++++++----------- 2013/6xxx/CVE-2013-6879.json | 34 +++--- 2013/6xxx/CVE-2013-6993.json | 140 +++++++++++------------ 2013/7xxx/CVE-2013-7127.json | 130 ++++++++++----------- 2013/7xxx/CVE-2013-7160.json | 34 +++--- 2013/7xxx/CVE-2013-7319.json | 180 ++++++++++++++--------------- 2017/10xxx/CVE-2017-10054.json | 132 +++++++++++----------- 2017/10xxx/CVE-2017-10064.json | 140 +++++++++++------------ 2017/10xxx/CVE-2017-10271.json | 196 ++++++++++++++++---------------- 2017/10xxx/CVE-2017-10411.json | 198 ++++++++++++++++---------------- 2017/10xxx/CVE-2017-10976.json | 120 ++++++++++---------- 2017/13xxx/CVE-2017-13201.json | 174 ++++++++++++++-------------- 2017/13xxx/CVE-2017-13327.json | 34 +++--- 2017/13xxx/CVE-2017-13951.json | 34 +++--- 2017/17xxx/CVE-2017-17258.json | 120 ++++++++++---------- 2017/17xxx/CVE-2017-17428.json | 160 +++++++++++++------------- 2017/17xxx/CVE-2017-17819.json | 140 +++++++++++------------ 2017/17xxx/CVE-2017-17882.json | 130 ++++++++++----------- 2017/9xxx/CVE-2017-9035.json | 160 +++++++++++++------------- 2017/9xxx/CVE-2017-9230.json | 180 ++++++++++++++--------------- 2017/9xxx/CVE-2017-9336.json | 120 ++++++++++---------- 2017/9xxx/CVE-2017-9686.json | 132 +++++++++++----------- 2017/9xxx/CVE-2017-9897.json | 120 ++++++++++---------- 2018/0xxx/CVE-2018-0483.json | 178 ++++++++++++++--------------- 2018/18xxx/CVE-2018-18704.json | 120 ++++++++++---------- 2018/18xxx/CVE-2018-18819.json | 34 +++--- 2018/18xxx/CVE-2018-18945.json | 34 +++--- 2018/19xxx/CVE-2018-19299.json | 34 +++--- 2018/19xxx/CVE-2018-19669.json | 34 +++--- 2018/19xxx/CVE-2018-19773.json | 130 ++++++++++----------- 2018/19xxx/CVE-2018-19988.json | 34 +++--- 2018/1xxx/CVE-2018-1416.json | 160 +++++++++++++------------- 2018/1xxx/CVE-2018-1486.json | 34 +++--- 2018/1xxx/CVE-2018-1859.json | 188 +++++++++++++++---------------- 53 files changed, 3426 insertions(+), 3426 deletions(-) diff --git a/2008/0xxx/CVE-2008-0012.json b/2008/0xxx/CVE-2008-0012.json index 2440d2e40c0..3c49ed1f274 100644 --- a/2008/0xxx/CVE-2008-0012.json +++ b/2008/0xxx/CVE-2008-0012.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)", - "refsource" : "ISS", - "url" : "http://www.iss.net/threats/310.html" - }, - { - "name" : "http://blogs.iss.net/archive/trend.html", - "refsource" : "MISC", - "url" : "http://blogs.iss.net/archive/trend.html" - }, - { - "name" : "VU#768681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/768681" - }, - { - "name" : "32261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32261" - }, - { - "name" : "ADV-2008-3127", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3127" - }, - { - "name" : "32618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32618" - }, - { - "name" : "application-rpc-config1-bo(39918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32618" + }, + { + "name": "32261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32261" + }, + { + "name": "application-rpc-config1-bo(39918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39918" + }, + { + "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)", + "refsource": "ISS", + "url": "http://www.iss.net/threats/310.html" + }, + { + "name": "VU#768681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/768681" + }, + { + "name": "http://blogs.iss.net/archive/trend.html", + "refsource": "MISC", + "url": "http://blogs.iss.net/archive/trend.html" + }, + { + "name": "ADV-2008-3127", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3127" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0102.json b/2008/0xxx/CVE-2008-0102.json index afb29ac978b..9b3d5c88dee 100644 --- a/2008/0xxx/CVE-2008-0102.json +++ b/2008/0xxx/CVE-2008-0102.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid \"memory values,\" aka \"Publisher Invalid Memory Reference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-0102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02314", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120361015026386&w=2" - }, - { - "name" : "SSRT080016", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120361015026386&w=2" - }, - { - "name" : "MS08-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012" - }, - { - "name" : "TA08-043C", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" - }, - { - "name" : "27739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27739" - }, - { - "name" : "ADV-2008-0514", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0514/references" - }, - { - "name" : "oval:org.mitre.oval:def:5305", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5305" - }, - { - "name" : "1019376", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019376" - }, - { - "name" : "28906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid \"memory values,\" aka \"Publisher Invalid Memory Reference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27739" + }, + { + "name": "oval:org.mitre.oval:def:5305", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5305" + }, + { + "name": "HPSBST02314", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2" + }, + { + "name": "ADV-2008-0514", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0514/references" + }, + { + "name": "SSRT080016", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2" + }, + { + "name": "MS08-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012" + }, + { + "name": "28906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28906" + }, + { + "name": "TA08-043C", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" + }, + { + "name": "1019376", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019376" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0158.json b/2008/0xxx/CVE-2008-0158.json index 34f56c2c57e..7e5116ee978 100644 --- a/2008/0xxx/CVE-2008-0158.json +++ b/2008/0xxx/CVE-2008-0158.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4855", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4855" - }, - { - "name" : "http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt" - }, - { - "name" : "27165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27165" - }, - { - "name" : "shopscript-index-directory-traversal(39449)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "shopscript-index-directory-traversal(39449)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39449" + }, + { + "name": "27165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27165" + }, + { + "name": "4855", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4855" + }, + { + "name": "http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0306.json b/2008/0xxx/CVE-2008-0306.json index 2a40876b4d3..362131fa625 100644 --- a/2008/0xxx/CVE-2008-0306.json +++ b/2008/0xxx/CVE-2008-0306.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080310 SAP MaxDB sdbstarter Privilege Escalation Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670" - }, - { - "name" : "28185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28185" - }, - { - "name" : "ADV-2008-0844", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0844/references" - }, - { - "name" : "1019570", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019570" - }, - { - "name" : "29312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29312" - }, - { - "name" : "maxdb-sdbstarter-privilege-escalation(41104)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019570", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019570" + }, + { + "name": "ADV-2008-0844", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0844/references" + }, + { + "name": "maxdb-sdbstarter-privilege-escalation(41104)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41104" + }, + { + "name": "20080310 SAP MaxDB sdbstarter Privilege Escalation Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670" + }, + { + "name": "29312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29312" + }, + { + "name": "28185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28185" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0312.json b/2008/0xxx/CVE-2008-0312.json index 092bae70bfb..9eec40d73c6 100644 --- a/2008/0xxx/CVE-2008-0312.json +++ b/2008/0xxx/CVE-2008-0312.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html" - }, - { - "name" : "28507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28507" - }, - { - "name" : "ADV-2008-1077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1077/references" - }, - { - "name" : "1019751", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019751" - }, - { - "name" : "1019752", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019752" - }, - { - "name" : "1019753", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019753" - }, - { - "name" : "29660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29660" - }, - { - "name" : "symantec-autofixtool-bo(41629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019753", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019753" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html" + }, + { + "name": "1019751", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019751" + }, + { + "name": "1019752", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019752" + }, + { + "name": "29660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29660" + }, + { + "name": "ADV-2008-1077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1077/references" + }, + { + "name": "28507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28507" + }, + { + "name": "symantec-autofixtool-bo(41629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629" + }, + { + "name": "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1486.json b/2008/1xxx/CVE-2008-1486.json index e4ddd0bc7cf..9f6923a1628 100644 --- a/2008/1xxx/CVE-2008-1486.json +++ b/2008/1xxx/CVE-2008-1486.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phorum.org/phorum5/read.php?64,126815,126815", - "refsource" : "CONFIRM", - "url" : "http://www.phorum.org/phorum5/read.php?64,126815,126815" - }, - { - "name" : "28540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28540" - }, - { - "name" : "29519", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29519" - }, - { - "name" : "phorum-nonfulltext-sql-injection(41418)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phorum.org/phorum5/read.php?64,126815,126815", + "refsource": "CONFIRM", + "url": "http://www.phorum.org/phorum5/read.php?64,126815,126815" + }, + { + "name": "29519", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29519" + }, + { + "name": "28540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28540" + }, + { + "name": "phorum-nonfulltext-sql-injection(41418)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41418" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1754.json b/2008/1xxx/CVE-2008-1754.json index ba5874c05e4..67fd66adbb5 100644 --- a/2008/1xxx/CVE-2008-1754.json +++ b/2008/1xxx/CVE-2008-1754.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html" - }, - { - "name" : "28707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28707" - }, - { - "name" : "ADV-2008-1197", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1197/references" - }, - { - "name" : "44388", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/44388" - }, - { - "name" : "1019825", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019825" - }, - { - "name" : "29771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29771" - }, - { - "name" : "altiris-agent-aclient-info-disclosure(41771)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "altiris-agent-aclient-info-disclosure(41771)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41771" + }, + { + "name": "28707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28707" + }, + { + "name": "ADV-2008-1197", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1197/references" + }, + { + "name": "29771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29771" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html" + }, + { + "name": "1019825", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019825" + }, + { + "name": "44388", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/44388" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1958.json b/2008/1xxx/CVE-2008-1958.json index 49387960525..6ee15ceefd3 100644 --- a/2008/1xxx/CVE-2008-1958.json +++ b/2008/1xxx/CVE-2008-1958.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5483", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5483" - }, - { - "name" : "29814", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29814" - }, - { - "name" : "trscriptnews-main-file-upload(41953)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29814" + }, + { + "name": "trscriptnews-main-file-upload(41953)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41953" + }, + { + "name": "5483", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5483" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4040.json b/2008/4xxx/CVE-2008-4040.json index d4d751f7ffa..79275ebd748 100644 --- a/2008/4xxx/CVE-2008-4040.json +++ b/2008/4xxx/CVE-2008-4040.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0808-exploits/kyocera-traversal.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0808-exploits/kyocera-traversal.txt" - }, - { - "name" : "30971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30971" - }, - { - "name" : "31680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31680" - }, - { - "name" : "kyocera-commandcenter-directory-traversal(44793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstorm.linuxsecurity.com/0808-exploits/kyocera-traversal.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0808-exploits/kyocera-traversal.txt" + }, + { + "name": "kyocera-commandcenter-directory-traversal(44793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44793" + }, + { + "name": "31680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31680" + }, + { + "name": "30971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30971" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4158.json b/2008/4xxx/CVE-2008-4158.json index c8b7d83a8e3..e5ce2c3d992 100644 --- a/2008/4xxx/CVE-2008-4158.json +++ b/2008/4xxx/CVE-2008-4158.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6413", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6413" - }, - { - "name" : "4290", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4290" - }, - { - "name" : "zanficmslite-index-file-include(45027)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6413", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6413" + }, + { + "name": "zanficmslite-index-file-include(45027)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45027" + }, + { + "name": "4290", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4290" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4910.json b/2008/4xxx/CVE-2008-4910.json index f0f8ad734da..9c0618071a9 100644 --- a/2008/4xxx/CVE-2008-4910.json +++ b/2008/4xxx/CVE-2008-4910.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081025 Java Web start vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497799/100/0/threaded" - }, - { - "name" : "20081031 Re: Java Web start vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497972/100/0/threaded" - }, - { - "name" : "31916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31916" - }, - { - "name" : "4542", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4542" - }, - { - "name" : "sun-jws-showdocument-command-execution(46119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sun-jws-showdocument-command-execution(46119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46119" + }, + { + "name": "31916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31916" + }, + { + "name": "20081025 Java Web start vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497799/100/0/threaded" + }, + { + "name": "20081031 Re: Java Web start vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497972/100/0/threaded" + }, + { + "name": "4542", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4542" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5608.json b/2008/5xxx/CVE-2008-5608.json index 6a37bb3895b..a4caf25d256 100644 --- a/2008/5xxx/CVE-2008-5608.json +++ b/2008/5xxx/CVE-2008-5608.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7356", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7356" - }, - { - "name" : "7360", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7360" - }, - { - "name" : "4754", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4754" - }, - { - "name" : "aspautodealer-auto-info-disclosure(47124)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7360", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7360" + }, + { + "name": "7356", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7356" + }, + { + "name": "4754", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4754" + }, + { + "name": "aspautodealer-auto-info-disclosure(47124)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47124" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2898.json b/2013/2xxx/CVE-2013-2898.json index cb6c17c3c45..c5618872682 100644 --- a/2013/2xxx/CVE-2013-2898.json +++ b/2013/2xxx/CVE-2013-2898.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-input] 20130828 [PATCH 12/14] HID: sensor-hub: validate feature report details", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-input&m=137772191114645&w=1" - }, - { - "name" : "[oss-security] 20130828 Linux HID security flaws", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/08/28/13" - }, - { - "name" : "USN-1995-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1995-1" - }, - { - "name" : "USN-1998-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1998-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[linux-input] 20130828 [PATCH 12/14] HID: sensor-hub: validate feature report details", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-input&m=137772191114645&w=1" + }, + { + "name": "[oss-security] 20130828 Linux HID security flaws", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/08/28/13" + }, + { + "name": "USN-1995-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1995-1" + }, + { + "name": "USN-1998-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1998-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3426.json b/2013/3xxx/CVE-2013-3426.json index 8cd2e1aa81e..218a5dc3614 100644 --- a/2013/3xxx/CVE-2013-3426.json +++ b/2013/3xxx/CVE-2013-3426.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130717 Cisco 9900 Series Phone Arbitrary File Download Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130717 Cisco 9900 Series Phone Arbitrary File Download Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3426" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4106.json b/2013/4xxx/CVE-2013-4106.json index 79b4b54847d..08755f3896d 100644 --- a/2013/4xxx/CVE-2013-4106.json +++ b/2013/4xxx/CVE-2013-4106.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4106", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4106", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4668.json b/2013/4xxx/CVE-2013-4668.json index 8a9f6d4ceca..e131c0145d0 100644 --- a/2013/4xxx/CVE-2013-4668.json +++ b/2013/4xxx/CVE-2013-4668.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a \"Keep directory structure\" action, related to fr-archive-libarchive.c and fr-window.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130708 [oCERT-2013-001] File Roller path sanitization errors", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2013-001.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2013-001.html" - }, - { - "name" : "https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631" - }, - { - "name" : "openSUSE-SU-2013:1281", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html" - }, - { - "name" : "USN-1906-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1906-1" - }, - { - "name" : "61008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61008" - }, - { - "name" : "54351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a \"Keep directory structure\" action, related to fr-archive-libarchive.c and fr-window.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1906-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1906-1" + }, + { + "name": "openSUSE-SU-2013:1281", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2013-001.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2013-001.html" + }, + { + "name": "https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631" + }, + { + "name": "54351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54351" + }, + { + "name": "61008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61008" + }, + { + "name": "20130708 [oCERT-2013-001] File Roller path sanitization errors", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4954.json b/2013/4xxx/CVE-2013-4954.json index 0a191a49840..a4765794a6b 100644 --- a/2013/4xxx/CVE-2013-4954.json +++ b/2013/4xxx/CVE-2013-4954.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when \"Allow New Registrations to set their own Password\" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register" - }, - { - "name" : "http://wordpress.org/plugins/pie-register/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/pie-register/changelog/" - }, - { - "name" : "http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting" - }, - { - "name" : "61140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61140" - }, - { - "name" : "95160", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95160" - }, - { - "name" : "54123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54123" - }, - { - "name" : "pieregister-wplogin-xss(85604)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when \"Allow New Registrations to set their own Password\" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register" + }, + { + "name": "54123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54123" + }, + { + "name": "95160", + "refsource": "OSVDB", + "url": "http://osvdb.org/95160" + }, + { + "name": "61140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61140" + }, + { + "name": "pieregister-wplogin-xss(85604)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85604" + }, + { + "name": "http://wordpress.org/plugins/pie-register/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/pie-register/changelog/" + }, + { + "name": "http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting", + "refsource": "CONFIRM", + "url": "http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6168.json b/2013/6xxx/CVE-2013-6168.json index 2952b736b0a..c79f44223db 100644 --- a/2013/6xxx/CVE-2013-6168.json +++ b/2013/6xxx/CVE-2013-6168.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131113 Cross-Site Scripting (XSS) in Zikula Application Framework", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23178", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23178" - }, - { - "name" : "http://community.zikula.org/index.php?module=News&func=display&sid=3132", - "refsource" : "CONFIRM", - "url" : "http://community.zikula.org/index.php?module=News&func=display&sid=3132" - }, - { - "name" : "63186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63186" - }, - { - "name" : "zikulaapplicationframework-unspecified-xss(88654)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63186" + }, + { + "name": "zikulaapplicationframework-unspecified-xss(88654)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654" + }, + { + "name": "http://community.zikula.org/index.php?module=News&func=display&sid=3132", + "refsource": "CONFIRM", + "url": "http://community.zikula.org/index.php?module=News&func=display&sid=3132" + }, + { + "name": "20131113 Cross-Site Scripting (XSS) in Zikula Application Framework", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23178", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23178" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6652.json b/2013/6xxx/CVE-2013-6652.json index ba7b2a20919..338572854d6 100644 --- a/2013/6xxx/CVE-2013-6652.json +++ b/2013/6xxx/CVE-2013-6652.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\\\?\\ protection mechanism." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=334897", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=334897" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=247511&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=247511&view=revision" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\\\?\\ protection mechanism." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=334897", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=334897" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=247511&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=247511&view=revision" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6724.json b/2013/6xxx/CVE-2013-6724.json index 876c9a05149..f31aa5cc746 100644 --- a/2013/6xxx/CVE-2013-6724.json +++ b/2013/6xxx/CVE-2013-6724.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663250", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663250" - }, - { - "name" : "ibm-spss-vsflex8l-cve20136724-rce(89279)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-spss-vsflex8l-cve20136724-rce(89279)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89279" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21663250", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663250" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6879.json b/2013/6xxx/CVE-2013-6879.json index d30eaaf9f99..7d3f919e99a 100644 --- a/2013/6xxx/CVE-2013-6879.json +++ b/2013/6xxx/CVE-2013-6879.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6879", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6879", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6993.json b/2013/6xxx/CVE-2013-6993.json index bcd0f2d8c37..5e636792a1a 100644 --- a/2013/6xxx/CVE-2013-6993.json +++ b/2013/6xxx/CVE-2013-6993.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131226 Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/530540/100/0/threaded" - }, - { - "name" : "http://wordpress.org/support/topic/ad-minister-06-security-vulnerability-notification-xss", - "refsource" : "MISC", - "url" : "http://wordpress.org/support/topic/ad-minister-06-security-vulnerability-notification-xss" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23187", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131226 Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/530540/100/0/threaded" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23187", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23187" + }, + { + "name": "http://wordpress.org/support/topic/ad-minister-06-security-vulnerability-notification-xss", + "refsource": "MISC", + "url": "http://wordpress.org/support/topic/ad-minister-06-security-vulnerability-notification-xss" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7127.json b/2013/7xxx/CVE-2013-7127.json index cb01766d5a2..23b09501834 100644 --- a/2013/7xxx/CVE-2013-7127.json +++ b/2013/7xxx/CVE-2013-7127.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securelist.com/en/blog/8168/Loophole_in_Safari", - "refsource" : "MISC", - "url" : "http://www.securelist.com/en/blog/8168/Loophole_in_Safari" - }, - { - "name" : "apple-safari-cve20137127-info-disc(89941)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securelist.com/en/blog/8168/Loophole_in_Safari", + "refsource": "MISC", + "url": "http://www.securelist.com/en/blog/8168/Loophole_in_Safari" + }, + { + "name": "apple-safari-cve20137127-info-disc(89941)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89941" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7160.json b/2013/7xxx/CVE-2013-7160.json index 04416bbcf1e..d42c109707a 100644 --- a/2013/7xxx/CVE-2013-7160.json +++ b/2013/7xxx/CVE-2013-7160.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7160", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7160", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7319.json b/2013/7xxx/CVE-2013-7319.json index 4b996e2bcf5..4521f80e73e 100644 --- a/2013/7xxx/CVE-2013-7319.json +++ b/2013/7xxx/CVE-2013-7319.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30105", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30105" - }, - { - "name" : "http://www.nerdbox.it/wordpress-download-manager-xss", - "refsource" : "MISC", - "url" : "http://www.nerdbox.it/wordpress-download-manager-xss" - }, - { - "name" : "http://wordpress.org/plugins/download-manager/changelog", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/download-manager/changelog" - }, - { - "name" : "http://www.wpdownloadmanager.com/support/topic/security-issue-found-who-to-contact", - "refsource" : "CONFIRM", - "url" : "http://www.wpdownloadmanager.com/support/topic/security-issue-found-who-to-contact" - }, - { - "name" : "64159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64159" - }, - { - "name" : "55969", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55969" - }, - { - "name" : "downloadmanager-file-xss(89524)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64159" + }, + { + "name": "http://www.wpdownloadmanager.com/support/topic/security-issue-found-who-to-contact", + "refsource": "CONFIRM", + "url": "http://www.wpdownloadmanager.com/support/topic/security-issue-found-who-to-contact" + }, + { + "name": "55969", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55969" + }, + { + "name": "30105", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30105" + }, + { + "name": "downloadmanager-file-xss(89524)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89524" + }, + { + "name": "http://www.nerdbox.it/wordpress-download-manager-xss", + "refsource": "MISC", + "url": "http://www.nerdbox.it/wordpress-download-manager-xss" + }, + { + "name": "http://wordpress.org/plugins/download-manager/changelog", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/download-manager/changelog" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10054.json b/2017/10xxx/CVE-2017-10054.json index 989c2da3c8d..3cdf17cd6a1 100644 --- a/2017/10xxx/CVE-2017-10054.json +++ b/2017/10xxx/CVE-2017-10054.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Cruise Materials Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "7.30.564.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMS). The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Cruise Materials Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.30.564.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMS). The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101456" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10064.json b/2017/10xxx/CVE-2017-10064.json index 3c47a8f3612..e0f5f9fe17c 100644 --- a/2017/10xxx/CVE-2017-10064.json +++ b/2017/10xxx/CVE-2017-10064.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality WebSuite8 Cloud Service", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.9.6" - }, - { - "version_affected" : "=", - "version_value" : "8.10.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality WebSuite8 Cloud Service", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.9.6" + }, + { + "version_affected": "=", + "version_value": "8.10.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "100229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100229" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10271.json b/2017/10xxx/CVE-2017-10271.json index 959f16338cf..b071990b88e 100644 --- a/2017/10xxx/CVE-2017-10271.json +++ b/2017/10xxx/CVE-2017-10271.json @@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebLogic Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "10.3.6.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.3.6.0.0" + }, + { + "version_affected": "=", + "version_value": "12.1.3.0.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43458", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43458/" - }, - { - "name" : "43924", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43924/" - }, - { - "name" : "https://github.com/c0mmand3rOpSec/CVE-2017-10271", - "refsource" : "MISC", - "url" : "https://github.com/c0mmand3rOpSec/CVE-2017-10271" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101304" - }, - { - "name" : "1039608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43458", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43458/" + }, + { + "name": "1039608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039608" + }, + { + "name": "101304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101304" + }, + { + "name": "https://github.com/c0mmand3rOpSec/CVE-2017-10271", + "refsource": "MISC", + "url": "https://github.com/c0mmand3rOpSec/CVE-2017-10271" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "43924", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43924/" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10411.json b/2017/10xxx/CVE-2017-10411.json index 175585bd311..08dcc5b745b 100644 --- a/2017/10xxx/CVE-2017-10411.json +++ b/2017/10xxx/CVE-2017-10411.json @@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Knowledge Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Knowledge Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101345" - }, - { - "name" : "1039592", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101345" + }, + { + "name": "1039592", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039592" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10976.json b/2017/10xxx/CVE-2017-10976.json index 92ac862ca01..25de9ae008e 100644 --- a/2017/10xxx/CVE-2017-10976.json +++ b/2017/10xxx/CVE-2017-10976.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/matthiaskramm/swftools/issues/28", - "refsource" : "MISC", - "url" : "https://github.com/matthiaskramm/swftools/issues/28" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/matthiaskramm/swftools/issues/28", + "refsource": "MISC", + "url": "https://github.com/matthiaskramm/swftools/issues/28" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13201.json b/2017/13xxx/CVE-2017-13201.json index a6707122d7f..231375ed722 100644 --- a/2017/13xxx/CVE-2017-13201.json +++ b/2017/13xxx/CVE-2017-13201.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-13201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-13201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" - }, - { - "name" : "102529", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" + }, + { + "name": "102529", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102529" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13327.json b/2017/13xxx/CVE-2017-13327.json index 9223e4233bd..c377d7b4c3d 100644 --- a/2017/13xxx/CVE-2017-13327.json +++ b/2017/13xxx/CVE-2017-13327.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13327", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13327", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13951.json b/2017/13xxx/CVE-2017-13951.json index 0a7e9811186..e9ae15beb43 100644 --- a/2017/13xxx/CVE-2017-13951.json +++ b/2017/13xxx/CVE-2017-13951.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13951", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13951", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17258.json b/2017/17xxx/CVE-2017-17258.json index 20b87eb3d49..900b804b857 100644 --- a/2017/17xxx/CVE-2017-17258.json +++ b/2017/17xxx/CVE-2017-17258.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR3600, AR510, DP300, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, NetEngine16EX, RSE6500, SRG1300, SRG2300, SRG3300, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace USG6300, Secospace USG6500, Secospace USG6600, TE30, TE40, TE50, TE60, TP3106, TP3206, USG6000V, USG9500, USG9520, USG9560, USG9580, VP9660, ViewPoint 8660, ViewPoint 9030", - "version" : { - "version_data" : [ - { - "version_value" : "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a resource management vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products in the case of failure to apply for memory. Due to insufficient validation of packets, which could be exploited to cause process crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "resource management" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR3600, AR510, DP300, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, NetEngine16EX, RSE6500, SRG1300, SRG2300, SRG3300, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace USG6300, Secospace USG6500, Secospace USG6600, TE30, TE40, TE50, TE60, TP3106, TP3206, USG6000V, USG9500, USG9520, USG9560, USG9580, VP9660, ViewPoint 8660, ViewPoint 9030", + "version": { + "version_data": [ + { + "version_value": "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-h323-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-h323-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a resource management vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products in the case of failure to apply for memory. Due to insufficient validation of packets, which could be exploited to cause process crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "resource management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-h323-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-h323-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17428.json b/2017/17xxx/CVE-2017-17428.json index 70507eadf7f..cac10d25144 100644 --- a/2017/17xxx/CVE-2017-17428.json +++ b/2017/17xxx/CVE-2017-17428.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cavium.com/security-advisory-cve-2017-17428.html", - "refsource" : "CONFIRM", - "url" : "https://www.cavium.com/security-advisory-cve-2017-17428.html" - }, - { - "name" : "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher" - }, - { - "name" : "VU#144389", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/144389" - }, - { - "name" : "102170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102170" - }, - { - "name" : "1039984", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102170" + }, + { + "name": "https://www.cavium.com/security-advisory-cve-2017-17428.html", + "refsource": "CONFIRM", + "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html" + }, + { + "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher" + }, + { + "name": "1039984", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039984" + }, + { + "name": "VU#144389", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/144389" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17819.json b/2017/17xxx/CVE-2017-17819.json index 726aa27871c..33935e6f490 100644 --- a/2017/17xxx/CVE-2017-17819.json +++ b/2017/17xxx/CVE-2017-17819.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af", - "refsource" : "MISC", - "url" : "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af" - }, - { - "name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392435", - "refsource" : "MISC", - "url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392435" - }, - { - "name" : "USN-3694-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3694-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392435", + "refsource": "MISC", + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392435" + }, + { + "name": "USN-3694-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3694-1/" + }, + { + "name": "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af", + "refsource": "MISC", + "url": "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17882.json b/2017/17xxx/CVE-2017-17882.json index d3a086b991b..6170a35fbf5 100644 --- a/2017/17xxx/CVE-2017-17882.json +++ b/2017/17xxx/CVE-2017-17882.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/880", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/880" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/880", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/880" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9035.json b/2017/9xxx/CVE-2017-9035.json index c6765bbecbd..4cf89377e28 100644 --- a/2017/9xxx/CVE-2017-9035.json +++ b/2017/9xxx/CVE-2017-9035.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/May/91" - }, - { - "name" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities" - }, - { - "name" : "https://success.trendmicro.com/solution/1117411", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1117411" - }, - { - "name" : "1038548", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038548", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038548" + }, + { + "name": "https://success.trendmicro.com/solution/1117411", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1117411" + }, + { + "name": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities" + }, + { + "name": "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/May/91" + }, + { + "name": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9230.json b/2017/9xxx/CVE-2017-9230.json index b869f9b3105..5d8146b185d 100644 --- a/2017/9xxx/CVE-2017-9230.json +++ b/2017/9xxx/CVE-2017-9230.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf", - "refsource" : "MISC", - "url" : "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf" - }, - { - "name" : "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf", - "refsource" : "MISC", - "url" : "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf" - }, - { - "name" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html", - "refsource" : "MISC", - "url" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html" - }, - { - "name" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html", - "refsource" : "MISC", - "url" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html" - }, - { - "name" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html", - "refsource" : "MISC", - "url" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html" - }, - { - "name" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html", - "refsource" : "MISC", - "url" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html" - }, - { - "name" : "98657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf", + "refsource": "MISC", + "url": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf" + }, + { + "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html", + "refsource": "MISC", + "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html" + }, + { + "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html", + "refsource": "MISC", + "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html" + }, + { + "name": "98657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98657" + }, + { + "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html", + "refsource": "MISC", + "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html" + }, + { + "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html", + "refsource": "MISC", + "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html" + }, + { + "name": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf", + "refsource": "MISC", + "url": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9336.json b/2017/9xxx/CVE-2017-9336.json index 062b09f8124..2630876d23b 100644 --- a/2017/9xxx/CVE-2017-9336.json +++ b/2017/9xxx/CVE-2017-9336.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lncken.cn/?p=258", - "refsource" : "MISC", - "url" : "http://lncken.cn/?p=258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lncken.cn/?p=258", + "refsource": "MISC", + "url": "http://lncken.cn/?p=258" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9686.json b/2017/9xxx/CVE-2017-9686.json index 3d8bb1665f6..87a13fb18ef 100644 --- a/2017/9xxx/CVE-2017-9686.json +++ b/2017/9xxx/CVE-2017-9686.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-9686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-9686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" - }, - { - "name" : "101160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" + }, + { + "name": "101160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101160" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9897.json b/2017/9xxx/CVE-2017-9897.json index aee3fe45f51..ac9e7bc56ff 100644 --- a/2017/9xxx/CVE-2017-9897.json +++ b/2017/9xxx/CVE-2017-9897.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x000000000000dcab.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x000000000000dcab.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0483.json b/2018/0xxx/CVE-2018-0483.json index e8f782051c5..77d64fd3eb6 100644 --- a/2018/0xxx/CVE-2018-0483.json +++ b/2018/0xxx/CVE-2018-0483.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-01-09T16:00:00-0800", - "ID" : "CVE-2018-0483", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Jabber IM for Android ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "4.6", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-01-09T16:00:00-0800", + "ID": "CVE-2018-0483", + "STATE": "PUBLIC", + "TITLE": "Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Jabber IM for Android ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190109 Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-jcf-im-xss" - }, - { - "name" : "106506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106506" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190109-jcf-im-xss", - "defect" : [ - [ - "CSCvm82721" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106506" + }, + { + "name": "20190109 Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-jcf-im-xss" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190109-jcf-im-xss", + "defect": [ + [ + "CSCvm82721" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18704.json b/2018/18xxx/CVE-2018-18704.json index d76c32cd5db..7347124dd60 100644 --- a/2018/18xxx/CVE-2018-18704.json +++ b/2018/18xxx/CVE-2018-18704.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45682", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45682/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45682", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45682/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18819.json b/2018/18xxx/CVE-2018-18819.json index 7c1e03e6fb9..bd3c192c4ee 100644 --- a/2018/18xxx/CVE-2018-18819.json +++ b/2018/18xxx/CVE-2018-18819.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18819", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18819", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18945.json b/2018/18xxx/CVE-2018-18945.json index 0beadb8fcda..e7c5a17b169 100644 --- a/2018/18xxx/CVE-2018-18945.json +++ b/2018/18xxx/CVE-2018-18945.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19299.json b/2018/19xxx/CVE-2018-19299.json index 4242b67618e..5546778a8ea 100644 --- a/2018/19xxx/CVE-2018-19299.json +++ b/2018/19xxx/CVE-2018-19299.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19299", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19299", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19669.json b/2018/19xxx/CVE-2018-19669.json index 06211135143..c6d3e886085 100644 --- a/2018/19xxx/CVE-2018-19669.json +++ b/2018/19xxx/CVE-2018-19669.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19669", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19669", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19773.json b/2018/19xxx/CVE-2018-19773.json index 63f94092a72..b96b678f229 100644 --- a/2018/19xxx/CVE-2018-19773.json +++ b/2018/19xxx/CVE-2018-19773.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"EditCurrentUser.jsp\" has reflected XSS via the GroupId and ConnPoolName parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/20" - }, - { - "name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"EditCurrentUser.jsp\" has reflected XSS via the GroupId and ConnPoolName parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" + }, + { + "name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/20" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19988.json b/2018/19xxx/CVE-2018-19988.json index f34e1592cc5..48d28a3f635 100644 --- a/2018/19xxx/CVE-2018-19988.json +++ b/2018/19xxx/CVE-2018-19988.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19988", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19988", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1416.json b/2018/1xxx/CVE-2018-1416.json index 9530943ffd5..31a622b78ea 100644 --- a/2018/1xxx/CVE-2018-1416.json +++ b/2018/1xxx/CVE-2018-1416.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-02-22T00:00:00", - "ID" : "CVE-2018-1416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Portal", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-02-22T00:00:00", + "ID": "CVE-2018-1416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Portal", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013706", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013706" - }, - { - "name" : "103168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22013706", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22013706" + }, + { + "name": "103168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103168" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1486.json b/2018/1xxx/CVE-2018-1486.json index afb4707978c..6cc696fb6c6 100644 --- a/2018/1xxx/CVE-2018-1486.json +++ b/2018/1xxx/CVE-2018-1486.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1486", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1486", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1859.json b/2018/1xxx/CVE-2018-1859.json index a5ec9c8c3d7..e7a8c76c7aa 100644 --- a/2018/1xxx/CVE-2018-1859.json +++ b/2018/1xxx/CVE-2018-1859.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-01-02T00:00:00", - "ID" : "CVE-2018-1859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "API Connect", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0.0" - }, - { - "version_value" : "5.0.8.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "L", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "H", - "S" : "U", - "SCORE" : "4.300", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-01-02T00:00:00", + "ID": "CVE-2018-1859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "API Connect", + "version": { + "version_data": [ + { + "version_value": "5.0.0.0" + }, + { + "version_value": "5.0.8.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10792055", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10792055" - }, - { - "name" : "106456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106456" - }, - { - "name" : "ibm-api-cve20181859-priv-escalation(151258)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "L", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "H", + "S": "U", + "SCORE": "4.300", + "UI": "R" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-api-cve20181859-priv-escalation(151258)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151258" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10792055", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10792055" + }, + { + "name": "106456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106456" + } + ] + } +} \ No newline at end of file