From 0baa0b483b1a9c02b1d7836b0dba9ebb86c1fcab Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 17 Mar 2019 23:17:19 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2008/0xxx/CVE-2008-0155.json | 140 ++++----
 2008/0xxx/CVE-2008-0363.json | 160 ++++-----
 2008/0xxx/CVE-2008-0428.json | 190 +++++-----
 2008/0xxx/CVE-2008-0696.json | 150 ++++----
 2008/1xxx/CVE-2008-1047.json | 160 ++++-----
 2008/1xxx/CVE-2008-1081.json | 200 +++++------
 2008/1xxx/CVE-2008-1187.json | 560 ++++++++++++++---------------
 2008/1xxx/CVE-2008-1674.json | 34 +-
 2008/3xxx/CVE-2008-3224.json | 140 ++++----
 2008/4xxx/CVE-2008-4920.json | 34 +-
 2008/4xxx/CVE-2008-4947.json | 170 ++++-----
 2013/2xxx/CVE-2013-2027.json | 160 ++++-----
 2013/2xxx/CVE-2013-2186.json | 300 ++++++++--------
 2013/2xxx/CVE-2013-2785.json | 130 +++----
 2013/3xxx/CVE-2013-3021.json | 34 +-
 2013/3xxx/CVE-2013-3038.json | 130 +++----
 2013/3xxx/CVE-2013-3160.json | 140 ++++----
 2013/3xxx/CVE-2013-3442.json | 120 +++----
 2013/4xxx/CVE-2013-4104.json | 34 +-
 2013/6xxx/CVE-2013-6919.json | 130 +++----
 2013/7xxx/CVE-2013-7336.json | 190 +++++-----
 2013/7xxx/CVE-2013-7408.json | 130 +++----
 2017/10xxx/CVE-2017-10308.json | 140 ++++----
 2017/10xxx/CVE-2017-10363.json | 206 +++++------
 2017/10xxx/CVE-2017-10738.json | 120 +++----
 2017/13xxx/CVE-2017-13817.json | 130 +++----
 2017/17xxx/CVE-2017-17018.json | 34 +-
 2017/17xxx/CVE-2017-17321.json | 130 +++----
 2017/17xxx/CVE-2017-17727.json | 120 +++----
 2017/17xxx/CVE-2017-17902.json | 120 +++----
 2017/9xxx/CVE-2017-9092.json | 34 +-
 2017/9xxx/CVE-2017-9288.json | 150 ++++----
 2017/9xxx/CVE-2017-9593.json | 120 +++----
 2018/0xxx/CVE-2018-0165.json | 140 ++++----
 2018/0xxx/CVE-2018-0495.json | 270 +++++++-------
 2018/1000xxx/CVE-2018-1000192.json | 126 +++----
 2018/18xxx/CVE-2018-18684.json | 34 +-
 2018/19xxx/CVE-2018-19369.json | 34 +-
 2018/19xxx/CVE-2018-19478.json | 170 ++++-----
 2018/19xxx/CVE-2018-19506.json | 120 +++----
 2018/1xxx/CVE-2018-1202.json | 152 ++++----
 2018/1xxx/CVE-2018-1349.json | 186 +++++-----
 2018/1xxx/CVE-2018-1480.json | 190 +++++-----
 2018/1xxx/CVE-2018-1767.json | 200 +++++------
 44 files changed, 3181 insertions(+), 3181 deletions(-)
diff --git a/2008/0xxx/CVE-2008-0155.json b/2008/0xxx/CVE-2008-0155.json
index f22fb549c82..9a4e99d5c27 100644
--- a/2008/0xxx/CVE-2008-0155.json
+++ b/2008/0xxx/CVE-2008-0155.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4865", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4865" - }, - { - "name" : "27190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27190" - }, - { - "name" : "evilboard-index-xss(39526)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4865", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4865" + }, + { + "name": "evilboard-index-xss(39526)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39526" + }, + { + "name": "27190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27190" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0363.json b/2008/0xxx/CVE-2008-0363.json index ac714e3b7ff..0101d7e8afa 100644 --- a/2008/0xxx/CVE-2008-0363.json +++ b/2008/0xxx/CVE-2008-0363.json 
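Review bot: The `reference_data` array for CVE-2008-0155 carries the same three entries before and after, only in a different order (BID 27190 moves behind the XF entry), and the other changed lines differ only in the spacing before the colon. The later hunks visible here (CVE-2008-0363 through CVE-2008-1187) appear to follow the same pattern, so a sync that did alter a URL or a description would be hard to spot among 3181 rewritten lines. Emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep such diffs down to real data changes. The new side also ends with `}` and no final newline; keeping the trailing newline avoids the `\ No newline at end of file` marker on every record.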
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486492/100/0/threaded" - }, - { - "name" : "27335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27335" - }, - { - "name" : "28560", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28560" - }, - { - "name" : "3553", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3553" - }, - { - "name" : "clevercopy-postcomment-sql-injection(39746)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27335" + }, + { + "name": "3553", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3553" + }, + { + "name": "clevercopy-postcomment-sql-injection(39746)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39746" + }, + { + "name": "20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486492/100/0/threaded" + }, + { + "name": "28560", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28560" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0428.json b/2008/0xxx/CVE-2008-0428.json index fbe34e42a9a..a62bba172a6 100644 --- a/2008/0xxx/CVE-2008-0428.json +++ b/2008/0xxx/CVE-2008-0428.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source code", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=120093005310107&w=2" - }, - { - "name" : "20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source codedisclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486714/100/0/threaded" - }, - { - "name" : "4945", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4945" - }, - { - "name" : "http://bugreport.ir/?/27", - "refsource" : "MISC", - "url" : "http://bugreport.ir/?/27" - }, - { - "name" : "27361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27361" 
- }, - { - "name" : "ADV-2008-0218", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0218" - }, - { - "name" : "28415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28415" - }, - { - "name" : "bloofoxcms-index-sql-injection(39794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0218", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0218" + }, + { + "name": "bloofoxcms-index-sql-injection(39794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39794" + }, + { + "name": "28415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28415" + }, + { + "name": "20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source codedisclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486714/100/0/threaded" + }, + { + "name": "4945", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4945" + }, + { + "name": "20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source code", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=120093005310107&w=2" + }, + { + "name": "27361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27361" + }, + { + "name": "http://bugreport.ir/?/27", + "refsource": "MISC", 
+ "url": "http://bugreport.ir/?/27" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0696.json b/2008/0xxx/CVE-2008-0696.json index 155cec3f01c..08ae2529e48 100644 --- a/2008/0xxx/CVE-2008-0696.json +++ b/2008/0xxx/CVE-2008-0696.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" - }, - { - "name" : "IZ07337", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ07337" - }, - { - "name" : "ADV-2008-0401", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0401" - }, - { - "name" : "28771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 UDB before 8.2 Fixpak 16 
does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" + }, + { + "name": "28771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28771" + }, + { + "name": "ADV-2008-0401", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0401" + }, + { + "name": "IZ07337", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ07337" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1047.json b/2008/1xxx/CVE-2008-1047.json index b837569d26f..2182134b4a5 100644 --- a/2008/1xxx/CVE-2008-1047.json +++ b/2008/1xxx/CVE-2008-1047.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498", - "refsource" : "CONFIRM", - "url" : "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498" - }, - { - "name" : "http://tikiwiki.org/ReleaseNotes1910", - "refsource" : "CONFIRM", - "url" : "http://tikiwiki.org/ReleaseNotes1910" - }, - { - "name" : "27968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27968" - }, - { - "name" : "ADV-2008-0661", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0661" - }, - { - "name" : "29092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29092" + }, + { + "name": "http://tikiwiki.org/ReleaseNotes1910", + "refsource": "CONFIRM", + "url": "http://tikiwiki.org/ReleaseNotes1910" + }, + { + "name": "27968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27968" + }, + { + "name": "ADV-2008-0661", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0661" + }, + { + "name": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498", + "refsource": "CONFIRM", + "url": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1081.json b/2008/1xxx/CVE-2008-1081.json index c685af5d7c5..7be76d022c2 100644 --- a/2008/1xxx/CVE-2008-1081.json +++ b/2008/1xxx/CVE-2008-1081.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/linux/926/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/linux/926/" - }, - { - "name" : "http://www.opera.com/support/search/view/879/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/search/view/879/" - }, - { - "name" : "GLSA-200803-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-09.xml" - }, - { - "name" : "SUSE-SA:2008:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html" - }, - { - "name" : "27901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27901" - }, - { - "name" : "ADV-2008-0622", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0622" - }, - { - "name" : "29029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29029" - }, - { - "name" : "29178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29178" - }, - { - "name" : "29152", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29029" + }, + { + "name": "27901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27901" + }, + { + "name": "29152", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29152" + }, + { + "name": "GLSA-200803-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-09.xml" + }, + { + "name": "29178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29178" + }, + { + "name": "http://www.opera.com/docs/changelogs/linux/926/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/linux/926/" + }, + { + "name": "http://www.opera.com/support/search/view/879/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/search/view/879/" + }, + { + "name": "ADV-2008-0622", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0622" + }, + { + "name": "SUSE-SA:2008:011", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1187.json b/2008/1xxx/CVE-2008-1187.json index fc72c047aac..dcc2be8a5c8 100644 --- a/2008/1xxx/CVE-2008-1187.json +++ b/2008/1xxx/CVE-2008-1187.json 
@@ -1,282 +1,282 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" - }, - { - "name" : "http://download.novell.com/Download?buildid=q5exhSqeBjA~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=q5exhSqeBjA~" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html" - }, - { - "name" : 
"http://support.apple.com/kb/HT3178", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3178" - }, - { - "name" : "http://support.apple.com/kb/HT3179", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3179" - }, - { - "name" : "APPLE-SA-2008-09-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" - }, - { - "name" : "BEA08-201.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/277" - }, - { - "name" : "GLSA-200804-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" - }, - { - "name" : "GLSA-200804-28", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-28.xml" - }, - { - "name" : "GLSA-200806-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" - }, - { - "name" : "RHSA-2008:0186", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0186.html" - }, - { - "name" : "RHSA-2008:0210", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0210.html" - }, - { - "name" : "RHSA-2008:0243", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0243.html" - }, - { - "name" : "RHSA-2008:0244", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0244.html" - }, - { - "name" : "RHSA-2008:0245", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0245.html" - }, - { - "name" : "RHSA-2008:0555", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0555.html" - }, - { - "name" : "RHSA-2008:0267", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0267.html" - }, - { - "name" : "233322", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1" - }, - { - "name" : 
"SUSE-SA:2008:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" - }, - { - "name" : "SUSE-SA:2008:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" - }, - { - "name" : "TA08-066A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" - }, - { - "name" : "JVN#04032535", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN04032535/index.html" - }, - { - "name" : "JVNDB-2008-000016", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html" - }, - { - "name" : "oval:org.mitre.oval:def:10278", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10278" - }, - { - "name" : "ADV-2008-0770", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0770/references" - }, - { - "name" : "ADV-2008-1252", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1252" - }, - { - "name" : "ADV-2008-1856", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1856/references" - }, - { - "name" : "1019548", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019548" - }, - { - "name" : "29273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29273" - }, - { - "name" : "29239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29239" - }, - { - "name" : "29498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29498" - }, - { - "name" : "29582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29582" - }, - { - "name" : "29841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29841" - }, - { - "name" : "29858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29858" - }, - { - "name" : "29999", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29999" - }, - { - "name" : "30003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30003" - }, - { - "name" : "29897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29897" - }, - { - "name" : "30676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30676" - }, - { - "name" : "30780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30780" - }, - { - "name" : "31067", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31067" - }, - { - "name" : "31497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31497" - }, - { - "name" : "31580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31580" - }, - { - "name" : "31586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31586" - }, - { - "name" : "32018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32018" - }, - { - "name" : "java-virtualmachine-multiple-priv-escalation(41025)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29999" + }, + { + "name": "APPLE-SA-2008-09-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" + }, + { + "name": "30676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30676" + }, + { + "name": "29841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29841" + }, + { + "name": "RHSA-2008:0267", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" + }, + { + "name": "SUSE-SA:2008:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" + }, + { + "name": "RHSA-2008:0245", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html" + }, + { + "name": "RHSA-2008:0243", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0243.html" + }, + { + "name": "32018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32018" + }, + { + "name": "31586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31586" + }, + { + "name": "java-virtualmachine-multiple-priv-escalation(41025)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41025" + }, + { + "name": "http://download.novell.com/Download?buildid=q5exhSqeBjA~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=q5exhSqeBjA~" + }, + { + "name": "JVNDB-2008-000016", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html" + }, + { + "name": "29897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29897" + }, + { + "name": "29498", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/29498" + }, + { + "name": "JVN#04032535", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN04032535/index.html" + }, + { + "name": "BEA08-201.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/277" + }, + { + "name": "GLSA-200804-28", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" + }, + { + "name": "29239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29239" + }, + { + "name": "29858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29858" + }, + { + "name": "TA08-066A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" + }, + { + "name": "SUSE-SA:2008:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" + }, + { + "name": "http://support.apple.com/kb/HT3178", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3178" + }, + { + "name": "29582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29582" + }, + { + "name": "ADV-2008-1252", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1252" + }, + { + "name": "1019548", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019548" + }, + { + "name": "ADV-2008-0770", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0770/references" + }, + { + "name": "31497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31497" + }, + { + "name": "RHSA-2008:0210", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" + }, + { + "name": "31067", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31067" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html", + "refsource": "CONFIRM", + "url": 
"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html" + }, + { + "name": "30780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30780" + }, + { + "name": "RHSA-2008:0244", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0244.html" + }, + { + "name": "ADV-2008-1856", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1856/references" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" + }, + { + "name": "30003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30003" + }, + { + "name": "233322", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1" + }, + { + "name": "GLSA-200804-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" + }, + { + "name": "GLSA-200806-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" + }, + { + "name": "RHSA-2008:0186", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" + }, + { + "name": "http://support.apple.com/kb/HT3179", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3179" + }, + { + "name": "RHSA-2008:0555", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0555.html" + }, + { + "name": "31580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31580" + }, + { + "name": "oval:org.mitre.oval:def:10278", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10278" + }, + { + "name": "29273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29273" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/1xxx/CVE-2008-1674.json b/2008/1xxx/CVE-2008-1674.json index f4e28dbeaa5..e76e7c75571 100644 --- a/2008/1xxx/CVE-2008-1674.json +++ b/2008/1xxx/CVE-2008-1674.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1674", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-1674", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3224.json b/2008/3xxx/CVE-2008-3224.json index 3cf4d8933db..0ce84879010 100644 --- a/2008/3xxx/CVE-2008-3224.json +++ b/2008/3xxx/CVE-2008-3224.json 
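Review bot: The rewritten CVE-2008-1674 record puts `"data_type"`, `"data_format"` and `"data_version"` ahead of `"CVE_data_meta"` and lists `"ID"` before `"ASSIGNER"`, while other records rewritten in this commit (CVE-2008-3224, and the RESERVED CVE-2013-3021) keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"` in that order. Key order carries no meaning in JSON, but two layouts in one sync will show up as churn for anything that diffs or hashes these files byte for byte. Writing every record with one fixed key order would keep later syncs limited to real changes. The hunk also ends in `\ No newline at end of file` where the old side had a trailing newline, so restoring the final newline is worth doing in the same pass. The CVE-2008-4920 hunk has the same layout.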
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to \"urls gone through redirect() being used within login_box().\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080712 CVE request: phpbb < 3.0.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/12/1" - }, - { - "name" : "http://www.phpbb.com/community/viewtopic.php?f=14&t=1059565&sid=2d3a6352a484588e1ad80f09dd19fe33", - "refsource" : "CONFIRM", - "url" : "http://www.phpbb.com/community/viewtopic.php?f=14&t=1059565&sid=2d3a6352a484588e1ad80f09dd19fe33" - }, - { - "name" : "phpbb-urls-unspecified(44208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in phpBB before 
3.0.1 has unknown impact and attack vectors related to \"urls gone through redirect() being used within login_box().\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20080712 CVE request: phpbb < 3.0.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/12/1" + }, + { + "name": "phpbb-urls-unspecified(44208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44208" + }, + { + "name": "http://www.phpbb.com/community/viewtopic.php?f=14&t=1059565&sid=2d3a6352a484588e1ad80f09dd19fe33", + "refsource": "CONFIRM", + "url": "http://www.phpbb.com/community/viewtopic.php?f=14&t=1059565&sid=2d3a6352a484588e1ad80f09dd19fe33" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4920.json b/2008/4xxx/CVE-2008-4920.json index 2f3c4dbef79..f920401aa98 100644 --- a/2008/4xxx/CVE-2008-4920.json +++ b/2008/4xxx/CVE-2008-4920.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4920", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate was based on an incorrect claim regarding a directory issue in Agavi. The vendor has disputed the issue and the original researcher has retracted the original claim, so this is not a vulnerability. Further investigation by the vendor and original researcher show that the original issue was in a site-specific modification, which is outside the scope of CVE. Notes: CVE users should not use this identifier." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-4920", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate was based on an incorrect claim regarding a directory issue in Agavi. The vendor has disputed the issue and the original researcher has retracted the original claim, so this is not a vulnerability. Further investigation by the vendor and original researcher show that the original issue was in a site-specific modification, which is outside the scope of CVE. Notes: CVE users should not use this identifier." + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4947.json b/2008/4xxx/CVE-2008-4947.json index e62f50b5542..c1ee01d44a4 100644 --- a/2008/4xxx/CVE-2008-4947.json +++ b/2008/4xxx/CVE-2008-4947.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://uvw.ru/report.lenny.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.lenny.txt" - }, - { - "name" : "http://bugs.debian.org/496388", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/496388" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/dhis-server", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/dhis-server" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : 
"https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "30900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/dhis-server", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/dhis-server" + }, + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "http://uvw.ru/report.lenny.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.lenny.txt" + }, + { + "name": "http://bugs.debian.org/496388", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/496388" + }, + { + "name": "30900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30900" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2027.json b/2013/2xxx/CVE-2013-2027.json index 5ef69149435..4ee3d90a8ca 100644 --- a/2013/2xxx/CVE-2013-2027.json +++ b/2013/2xxx/CVE-2013-2027.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=947949", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=947949" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0096.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0096.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "MDVSA-2015:158", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:158" - }, - { - "name" : "openSUSE-SU-2015:0269", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2015:158", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:158" + }, + { + "name": "openSUSE-SU-2015:0269", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=947949", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=947949" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0096.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0096.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2186.json b/2013/2xxx/CVE-2013-2186.json index 9b9a08e5250..1712942d198 100644 --- a/2013/2xxx/CVE-2013-2186.json +++ b/2013/2xxx/CVE-2013-2186.json 
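Review bot: `"ASSIGNER"` for CVE-2013-2027 changes from `cve@mitre.org` to `secalert@redhat.com`, and the commit message ("-Synchronized-Data.") does not mention it; the rest of the hunk differs only in the `" : "` to `": "` separator, indentation and reference order. ASSIGNER is the record's provenance field, so tooling that attributes or filters entries by CNA will see this record move, and a reviewer has no easy way to pick that one line out of the formatting noise. A line in the commit description naming the records whose ASSIGNER changed, or a separate commit for the formatting pass, would make the change checkable. The same kind of change appears in the hunks for CVE-2013-2186 (`secalert@redhat.com`), CVE-2013-2785 (`ics-cert@hq.dhs.gov`), CVE-2013-3038 (`psirt@us.ibm.com`) and CVE-2013-3160 (`secure@microsoft.com`).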
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2016-23", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2016-23" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "DSA-2827", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2827" - }, - { - "name" : "RHSA-2013:1428", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1428.html" - }, - { - "name" : "RHSA-2013:1429", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1429.html" - }, - { - "name" : "RHSA-2013:1430", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1430.html" - }, - { - "name" : "RHSA-2013:1448", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1448.html" - }, - { - "name" : "RHSA-2016:0070", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:0070" - }, - { - "name" : "RHSA-2013:1442", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1442.html" - }, - { - "name" : "SUSE-SU-2013:1660", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html" - }, - { - "name" : "openSUSE-SU-2013:1571", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html" - }, - { - "name" : "openSUSE-SU-2013:1596", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html" - }, - { - "name" : "USN-2029-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2029-1" - }, - { - "name" : "63174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63174" - }, - { - "name" : "55716", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/55716" - }, - { - "name" : "apache-commons-cve20132186-file-overrwite(88133)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1430", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1430.html" + }, + { + "name": "RHSA-2013:1429", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1429.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "apache-commons-cve20132186-file-overrwite(88133)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133" + }, + { + "name": "openSUSE-SU-2013:1571", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "55716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55716" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": 
"CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "openSUSE-SU-2013:1596", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html" + }, + { + "name": "SUSE-SU-2013:1660", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html" + }, + { + "name": "RHSA-2013:1428", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1428.html" + }, + { + "name": "DSA-2827", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2827" + }, + { + "name": "RHSA-2016:0070", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:0070" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01" + }, + { + "name": "RHSA-2013:1442", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1442.html" + }, + { + "name": "RHSA-2013:1448", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html" + }, + { + "name": "https://www.tenable.com/security/research/tra-2016-23", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-23" + }, + { + "name": "63174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63174" + }, + { + "name": "USN-2029-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2029-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2785.json b/2013/2xxx/CVE-2013-2785.json index b00abf9efc8..2e7223c9ee6 100644 --- a/2013/2xxx/CVE-2013-2785.json +++ b/2013/2xxx/CVE-2013-2785.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-2785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01" - }, - { - "name" : "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602", - "refsource" : "CONFIRM", - "url" : "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in 
CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01" + }, + { + "name": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602", + "refsource": "CONFIRM", + "url": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3021.json b/2013/3xxx/CVE-2013-3021.json index 7c6f8e1a531..3bae6a810d5 100644 --- a/2013/3xxx/CVE-2013-3021.json +++ b/2013/3xxx/CVE-2013-3021.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3021", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3021", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3038.json b/2013/3xxx/CVE-2013-3038.json index 10d32da1769..a3f3f2bd44d 100644 --- a/2013/3xxx/CVE-2013-3038.json +++ b/2013/3xxx/CVE-2013-3038.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645927", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645927" - }, - { - "name" : "rrc-cve20133038-weak-security(84708)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rrc-cve20133038-weak-security(84708)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84708" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21645927", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645927" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3160.json b/2013/3xxx/CVE-2013-3160.json index e49867d7701..c88fa8ebf99 100644 --- a/2013/3xxx/CVE-2013-3160.json +++ b/2013/3xxx/CVE-2013-3160.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka \"XML External Entities Resolution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-072", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18819", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka \"XML External Entities Resolution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-072", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072" + }, + { + "name": "oval:org.mitre.oval:def:18819", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18819" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3442.json b/2013/3xxx/CVE-2013-3442.json index 5d7ec1a341d..6acfa029de3 100644 --- a/2013/3xxx/CVE-2013-3442.json +++ b/2013/3xxx/CVE-2013-3442.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130802 Cisco Unified Communications Manager Stack Trace Web Disclosure Issue", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130802 Cisco Unified Communications Manager Stack Trace Web Disclosure Issue", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3442" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4104.json b/2013/4xxx/CVE-2013-4104.json index 53336417fe8..12cd34becc8 100644 --- a/2013/4xxx/CVE-2013-4104.json +++ b/2013/4xxx/CVE-2013-4104.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4104", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4104", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6919.json b/2013/6xxx/CVE-2013-6919.json index b205ff8b002..129744cea5e 100644 --- a/2013/6xxx/CVE-2013-6919.json +++ b/2013/6xxx/CVE-2013-6919.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html", - "refsource" : "MISC", - "url" : "http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html" - }, - { - "name" : "https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows 
remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt", + "refsource": "CONFIRM", + "url": "https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt" + }, + { + "name": "http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html", + "refsource": "MISC", + "url": "http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7336.json b/2013/7xxx/CVE-2013-7336.json index 159922a4117..fadec925c2e 100644 --- a/2013/7xxx/CVE-2013-7336.json +++ b/2013/7xxx/CVE-2013-7336.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140318 CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/18/1" - }, - { - "name" : "[oss-security] 20140318 Re: CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/18/3" - }, - { - "name" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=484cc321", - "refsource" : "CONFIRM", - "url" : 
"http://libvirt.org/git/?p=libvirt.git;a=commit;h=484cc321" - }, - { - "name" : "http://libvirt.org/news.html", - "refsource" : "CONFIRM", - "url" : "http://libvirt.org/news.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1077620", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1077620" - }, - { - "name" : "GLSA-201412-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-04.xml" - }, - { - "name" : "openSUSE-SU-2014:0593", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html" - }, - { - "name" : "60895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://libvirt.org/news.html", + "refsource": "CONFIRM", + "url": "http://libvirt.org/news.html" + }, + { + "name": "60895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60895" + }, + { + "name": "GLSA-201412-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml" + }, + { + "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=484cc321", + "refsource": "CONFIRM", + "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=484cc321" + }, + { + "name": "openSUSE-SU-2014:0593", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html" + }, + { + "name": "[oss-security] 20140318 CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/18/1" + }, + { + "name": "[oss-security] 20140318 Re: CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/18/3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1077620", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077620" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7408.json b/2013/7xxx/CVE-2013-7408.json index faad3d72c12..b72ed0fba7b 100644 --- a/2013/7xxx/CVE-2013-7408.json +++ b/2013/7xxx/CVE-2013-7408.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html" - }, - { - "name" : "68792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html" + }, + { + "name": "68792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68792" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10308.json b/2017/10xxx/CVE-2017-10308.json index 586cf636329..acc625c33b0 100644 --- a/2017/10xxx/CVE-2017-10308.json +++ b/2017/10xxx/CVE-2017-10308.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Agile PLM Framework", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.3.5" - }, - { - "version_affected" : "=", - "version_value" : "9.3.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Performance). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows physical access to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 3.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows physical access to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Agile PLM Framework", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.3.5" + }, + { + "version_affected": "=", + "version_value": "9.3.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Performance). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows physical access to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 3.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows physical access to compromise Oracle Agile PLM. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101379" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10363.json b/2017/10xxx/CVE-2017-10363.json index d518e119707..84f58227bd6 100644 --- a/2017/10xxx/CVE-2017-10363.json +++ b/2017/10xxx/CVE-2017-10363.json 
@@ -1,105 +1,105 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Universal Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.3" - }, - { - "version_affected" : "=", - "version_value" : "11.4.0" - }, - { - "version_affected" : "=", - "version_value" : "12.0.1" - }, - { - "version_affected" : "=", - "version_value" : "12.0.2" - }, - { - "version_affected" : "=", - "version_value" : "12.0.3" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security). Supported versions that are affected are 11.3, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. Note: Contact Support for fixes. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.3" + }, + { + "version_affected": "=", + "version_value": "11.4.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.2" + }, + { + "version_affected": "=", + "version_value": "12.0.3" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.0" + }, + { + "version_affected": "=", + "version_value": "12.3.0" + }, + { + "version_affected": "=", + "version_value": "12.4.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101297" - }, - { - "name" : "1039594", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039594" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security). Supported versions that are affected are 11.3, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. Note: Contact Support for fixes. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039594", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039594" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101297" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10738.json b/2017/10xxx/CVE-2017-10738.json index e4ceba5ab7d..d5a1448d21a 100644 --- a/2017/10xxx/CVE-2017-10738.json +++ b/2017/10xxx/CVE-2017-10738.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from KERNELBASE!CompareStringW+0x0000000000000082.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from 
KERNELBASE!CompareStringW+0x0000000000000082.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13817.json b/2017/13xxx/CVE-2017-13817.json index 6411258c4c8..7935b041bd8 100644 --- a/2017/13xxx/CVE-2017-13817.json +++ b/2017/13xxx/CVE-2017-13817.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2017-13817",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Kernel\" component. It allows local users to bypass intended memory-read restrictions."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2017-13817",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT208221",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208221"
- },
- {
- "name" : "1039710",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039710"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Kernel\" component. It allows local users to bypass intended memory-read restrictions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.apple.com/HT208221",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208221"
+ },
+ {
+ "name": "1039710",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039710"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17018.json b/2017/17xxx/CVE-2017-17018.json
index a57b6b430e9..cee75e0e93f 100644
--- a/2017/17xxx/CVE-2017-17018.json
+++ b/2017/17xxx/CVE-2017-17018.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17018",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17018",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17321.json b/2017/17xxx/CVE-2017-17321.json
index 8a345d18cee..6838c0dc34b 100644
--- a/2017/17xxx/CVE-2017-17321.json
+++ b/2017/17xxx/CVE-2017-17321.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@huawei.com",
- "ID" : "CVE-2017-17321",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "eNSP",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Versions earlier than V100R002C00B510"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Huawei Technologies Co., Ltd."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Huawei eNSP software with software of versions earlier than V100R002C00B510 has a buffer overflow vulnerability. Due to the improper validation of specific command line parameter, a local attacker could exploit this vulnerability to cause the software process abnormal."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "buffer overflow"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
+ "ID": "CVE-2017-17321",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "eNSP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions earlier than V100R002C00B510"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei Technologies Co., Ltd."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180309-01-ensp-en",
- "refsource" : "CONFIRM",
- "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180309-01-ensp-en"
- },
- {
- "name" : "103425",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/103425"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Huawei eNSP software with software of versions earlier than V100R002C00B510 has a buffer overflow vulnerability. Due to the improper validation of specific command line parameter, a local attacker could exploit this vulnerability to cause the software process abnormal."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180309-01-ensp-en",
+ "refsource": "CONFIRM",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180309-01-ensp-en"
+ },
+ {
+ "name": "103425",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/103425"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17727.json b/2017/17xxx/CVE-2017-17727.json
index 668cb662e67..3333442ba77 100644
--- a/2017/17xxx/CVE-2017-17727.json
+++ b/2017/17xxx/CVE-2017-17727.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17727",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17727",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.seebug.org/vuldb/ssvid-20050",
- "refsource" : "MISC",
- "url" : "https://www.seebug.org/vuldb/ssvid-20050"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.seebug.org/vuldb/ssvid-20050",
+ "refsource": "MISC",
+ "url": "https://www.seebug.org/vuldb/ssvid-20050"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17902.json b/2017/17xxx/CVE-2017-17902.json
index 3c523dc8aa1..643c6fd59ef 100644
--- a/2017/17xxx/CVE-2017-17902.json
+++ b/2017/17xxx/CVE-2017-17902.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17902",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17902",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://edricteo.com/kliqqi-cms-sqli-vulnerability-in-version-3.5.2/",
- "refsource" : "MISC",
- "url" : "https://edricteo.com/kliqqi-cms-sqli-vulnerability-in-version-3.5.2/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://edricteo.com/kliqqi-cms-sqli-vulnerability-in-version-3.5.2/",
+ "refsource": "MISC",
+ "url": "https://edricteo.com/kliqqi-cms-sqli-vulnerability-in-version-3.5.2/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9092.json b/2017/9xxx/CVE-2017-9092.json
index cf9d1e4f5d6..a875d920fd3 100644
--- a/2017/9xxx/CVE-2017-9092.json
+++ b/2017/9xxx/CVE-2017-9092.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9092",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9092",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9288.json b/2017/9xxx/CVE-2017-9288.json
index 1814f73d4d3..071fd8007c0 100644
--- a/2017/9xxx/CVE-2017-9288.json
+++ b/2017/9xxx/CVE-2017-9288.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jgj212.blogspot.kr/2017/05/a-reflected-xss-vulnerability-in.html", - "refsource" : "MISC", - "url" : "http://jgj212.blogspot.kr/2017/05/a-reflected-xss-vulnerability-in.html" - }, - { - "name" : "https://github.com/MindscapeHQ/raygun4wordpress/issues/16", - "refsource" : "MISC", - "url" : "https://github.com/MindscapeHQ/raygun4wordpress/issues/16" - }, - { - "name" : "https://github.com/MindscapeHQ/raygun4wordpress/pull/17", - "refsource" : "MISC", - "url" : "https://github.com/MindscapeHQ/raygun4wordpress/pull/17" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8836", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MindscapeHQ/raygun4wordpress/issues/16", + "refsource": "MISC", + "url": "https://github.com/MindscapeHQ/raygun4wordpress/issues/16" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8836", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8836" + }, + { + "name": "https://github.com/MindscapeHQ/raygun4wordpress/pull/17", + "refsource": "MISC", + "url": "https://github.com/MindscapeHQ/raygun4wordpress/pull/17" + }, + { + "name": "http://jgj212.blogspot.kr/2017/05/a-reflected-xss-vulnerability-in.html", + "refsource": "MISC", + "url": "http://jgj212.blogspot.kr/2017/05/a-reflected-xss-vulnerability-in.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9593.json b/2017/9xxx/CVE-2017-9593.json index bebed6fd558..bb94be403f7 100644 --- a/2017/9xxx/CVE-2017-9593.json +++ b/2017/9xxx/CVE-2017-9593.json 
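Review bot: The `reference_data` array in the CVE-2017-9288 hunk comes out in a different order on the new side (issues/16, wpvulndb, pull/17, blogspot instead of blogspot, issues/16, pull/17, wpvulndb), with no entry added or removed. The same reshuffle shows up in the CVE-2018-0165 and CVE-2018-0495 hunks, where the old grouping by `refsource` is lost. Order-only churn in a formatting sync makes it hard for anyone diffing or monitoring the feed to spot a reference that was really added, dropped or repointed. The exporter should presumably emit references in a stable order, for example sorted by `refsource` and then `url`.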
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Oculina Mobile Banking\" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Oculina Mobile Banking\" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle 
attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0165.json b/2018/0xxx/CVE-2018-0165.json index 24fe315dc58..54902e14ad6 100644 --- a/2018/0xxx/CVE-2018-0165.json +++ b/2018/0xxx/CVE-2018-0165.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. Cisco Bug IDs: CSCuw09295, CSCve94496." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp" - }, - { - "name" : "103568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103568" - }, - { - "name" : "1040592", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. 
This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. Cisco Bug IDs: CSCuw09295, CSCve94496." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040592", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040592" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp" + }, + { + "name": "103568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103568" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0495.json b/2018/0xxx/CVE-2018-0495.json index 88e05aa05ed..e2b1cbfbce5 100644 --- a/2018/0xxx/CVE-2018-0495.json +++ b/2018/0xxx/CVE-2018-0495.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "ID" : "CVE-2018-0495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3", - "version" : { - "version_data" : [ - { - "version_value" : "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "side-channel attack" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2018-0495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3", + "version": { + "version_data": [ + { + "version_value": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180629 [SECURITY] [DLA 1405-1] libgcrypt20 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html" - }, - { - "name" : "https://dev.gnupg.org/T4011", - "refsource" : "MISC", - "url" : "https://dev.gnupg.org/T4011" - }, - { - "name" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "refsource" : "MISC", - "url" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965" - }, - { - "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "refsource" : "MISC", - "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html" - }, - { - "name" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "refsource" : "MISC", - "url" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/" - }, - { - "name" : "DSA-4231", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4231" - }, - { - "name" : "RHSA-2018:3221", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3221" - }, - { - "name" : "RHSA-2018:3505", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:3505" - }, - { - "name" : "USN-3689-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3689-1/" - }, - { - "name" : "USN-3689-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3689-2/" - }, - { - "name" : "USN-3692-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3692-1/" - }, - { - "name" : "USN-3692-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3692-2/" - }, - { - "name" : "USN-3850-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3850-1/" - }, - { - "name" : "USN-3850-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3850-2/" - }, - { - "name" : "1041144", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041144" - }, - { - "name" : "1041147", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "side-channel attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "refsource": "MISC", + "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965" + }, + { + "name": "1041144", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041144" + }, + { + "name": "USN-3850-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3850-1/" + }, + { + "name": "1041147", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041147" + }, + { + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "refsource": "MISC", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/" + }, + { + "name": "USN-3689-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3689-1/" + }, + { + "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "refsource": "MISC", + "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html" + }, + { + "name": "USN-3689-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3689-2/" + }, + { + "name": "USN-3692-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3692-2/" + }, + { + "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1405-1] libgcrypt20 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html" + }, + { + "name": "DSA-4231", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4231" + }, + { + "name": "RHSA-2018:3505", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3505" + }, + { + "name": 
"USN-3850-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3850-2/" + }, + { + "name": "USN-3692-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3692-1/" + }, + { + "name": "RHSA-2018:3221", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3221" + }, + { + "name": "https://dev.gnupg.org/T4011", + "refsource": "MISC", + "url": "https://dev.gnupg.org/T4011" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000192.json b/2018/1000xxx/CVE-2018-1000192.json index 54374258511..b5d0458af6b 100644 --- a/2018/1000xxx/CVE-2018-1000192.json +++ b/2018/1000xxx/CVE-2018-1000192.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-05T13:57:43.649497", - "DATE_REQUESTED" : "2018-05-09T00:00:00", - "ID" : "CVE-2018-1000192", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "2.120 and older, LTS 2.107.2 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-05T13:57:43.649497", + "DATE_REQUESTED": "2018-05-09T00:00:00", + "ID": "CVE-2018-1000192", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-771", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A information exposure vulnerability exists in 
Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-771", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-771" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18684.json b/2018/18xxx/CVE-2018-18684.json index a64bcdcd0fc..5b9ce97d26d 100644 --- a/2018/18xxx/CVE-2018-18684.json +++ b/2018/18xxx/CVE-2018-18684.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18684", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18684", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19369.json b/2018/19xxx/CVE-2018-19369.json index 679a330cb05..c8fb72a9452 100644 --- a/2018/19xxx/CVE-2018-19369.json 
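Review bot: The new side of CVE-2018-1000192.json replaces the structured `affects` and `problemtype` values with `n/a`, while the description still names Jenkins 2.120 and older, LTS 2.107.2 and older. Tooling that matches on `vendor_name`, `product_name` or `version_value` will no longer find this record, and the CWE-200 classification is lost. I would keep the previous values, `"product_name": "Jenkins"`, `"vendor_name": "Jenkins project"` and `"value": "CWE-200"`, together with the old `version_value` string. The `ASSIGNER` also moves from `kurt@seifried.org` to `cve@mitre.org` although `REQUESTER` and the date fields are unchanged; that looks like a side effect of the sync rather than a deliberate reassignment and is worth confirming.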
+++ b/2018/19xxx/CVE-2018-19369.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19369",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19369",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19478.json b/2018/19xxx/CVE-2018-19478.json
index 159818e431e..dd1d0edf891 100644
--- a/2018/19xxx/CVE-2018-19478.json
+++ b/2018/19xxx/CVE-2018-19478.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181227 [SECURITY] [DLA 1620-1] ghostscript security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699856", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699856" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1655607", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1655607" - }, - 
{ - "name" : "https://www.ghostscript.com/doc/9.26/History9.htm", - "refsource" : "CONFIRM", - "url" : "https://www.ghostscript.com/doc/9.26/History9.htm" - }, - { - "name" : "106445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106445" + }, + { + "name": "https://www.ghostscript.com/doc/9.26/History9.htm", + "refsource": "CONFIRM", + "url": "https://www.ghostscript.com/doc/9.26/History9.htm" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=699856", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699856" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1655607", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1655607" + }, + { + "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1620-1] ghostscript security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19506.json b/2018/19xxx/CVE-2018-19506.json index c4ae423a82c..a87eb3817a4 100644 --- a/2018/19xxx/CVE-2018-19506.json 
+++ b/2018/19xxx/CVE-2018-19506.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/security-breachlock/CVE-2018-19506/blob/master/Zurmo_PS.pdf", - "refsource" : "MISC", - "url" : "https://github.com/security-breachlock/CVE-2018-19506/blob/master/Zurmo_PS.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/security-breachlock/CVE-2018-19506/blob/master/Zurmo_PS.pdf", + "refsource": "MISC", + "url": "https://github.com/security-breachlock/CVE-2018-19506/blob/master/Zurmo_PS.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1202.json b/2018/1xxx/CVE-2018-1202.json index 51d92fb9a6c..da8f4fa9081 100644 --- a/2018/1xxx/CVE-2018-1202.json +++ b/2018/1xxx/CVE-2018-1202.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-03-19T00:00:00", - "ID" : "CVE-2018-1202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Isilon OneFS", - "version" : { - "version_data" : [ - { - "version_value" : "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6 and version 7.1.1.11" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-03-19T00:00:00", + "ID": "CVE-2018-1202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Isilon OneFS", + "version": { + "version_data": [ + { + "version_value": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6 and version 7.1.1.11" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44039", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44039/" - }, - { - "name" : "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Mar/50" - }, - { - "name" : "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities" - }, - { - "name" : "103033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103033" + }, + { + "name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Mar/50" + }, + { + "name": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities" + }, + { + "name": "44039", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44039/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1349.json b/2018/1xxx/CVE-2018-1349.json index 813f51b0e43..dab6d2dcb1e 100644 --- a/2018/1xxx/CVE-2018-1349.json +++ b/2018/1xxx/CVE-2018-1349.json 
@@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2018-1349", - "STATE" : "PUBLIC", - "TITLE" : "NetIQ Identity Manager Driver Component Log File Information Leakage " - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Identity Manager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "Prior to 4.7", - "version_value" : "4.7" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 2.3, - "baseSeverity" : "LOW", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration." 
- } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2018-1349", + "STATE": "PUBLIC", + "TITLE": "NetIQ Identity Manager Driver Component Log File Information Leakage " + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "Prior to 4.7", + "version_value": "4.7" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html", - "refsource" : "CONFIRM", - "url" : "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html" - }, - { - "name" : "103531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103531" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Upgrade to NetIQ Identity Manager 4.7" - } - ], - "source" : { - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.3, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html" + }, + { + "name": "103531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103531" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to NetIQ Identity Manager 4.7" + } + ], + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1480.json b/2018/1xxx/CVE-2018-1480.json index 05fc18e9d4c..2be7cf31fff 100644 --- a/2018/1xxx/CVE-2018-1480.json +++ b/2018/1xxx/CVE-2018-1480.json 
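Review bot: `ASSIGNER` in CVE-2018-1349.json changes from `security@microfocus.com` to `security@suse.com`, yet nothing else in the record refers to SUSE: `vendor_name` is still `NetIQ` and the only vendor reference is on netiq.com. If the reassignment is intended it should be stated in the commit message, since consumers that attribute or filter records by assigner will see this entry move; otherwise keep `"ASSIGNER": "security@microfocus.com"`. The `problemtype` value still repeats the description sentence instead of naming a weakness class, and the record's own `TITLE` suggests `"value": "Information Leakage"`.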
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-10T00:00:00", - "ID" : "CVE-2018-1480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Platform", - "version" : { - "version_data" : [ - { - "version_value" : "9.5.9" - }, - { - "version_value" : "9.2.0" - }, - { - "version_value" : "9.2.14" - }, - { - "version_value" : "9.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user session. IBM X-Force ID: 140762." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "N", - "S" : "C", - "SCORE" : "4.000", - "UI" : "N" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-12-10T00:00:00", + "ID": "CVE-2018-1480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Platform", + "version": { + "version_data": [ + { + "version_value": "9.5.9" + }, + { + "version_value": "9.2.0" + }, + { + "version_value": "9.2.14" + }, + { + "version_value": "9.5.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605" - }, - { - "name" : "ibm-bigfix-cve20181480-xss(140762)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user session. IBM X-Force ID: 140762." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "L", + "I": "N", + "PR": "N", + "S": "C", + "SCORE": "4.000", + "UI": "N" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-bigfix-cve20181480-xss(140762)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140762" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10733605", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10733605" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1767.json b/2018/1xxx/CVE-2018-1767.json index d8cd7701d60..69698039cd3 100644 --- a/2018/1xxx/CVE-2018-1767.json +++ b/2018/1xxx/CVE-2018-1767.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-25T00:00:00", - "ID" : "CVE-2018-1767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148621." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "N", - "S" : "C", - "SCORE" : "6.100", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-25T00:00:00", + "ID": "CVE-2018-1767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729547", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729547" - }, - { - "name" : "1041983", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041983" - }, - { - "name" : "ibm-websphere-cve20181767-xss(148621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148621." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "N", + "S": "C", + "SCORE": "6.100", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-websphere-cve20181767-xss(148621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148621" + }, + { + "name": "1041983", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041983" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10729547", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729547" + } + ] + } +} \ No newline at end of file