diff --git a/2008/0xxx/CVE-2008-0462.json b/2008/0xxx/CVE-2008-0462.json index bb7f044d48a..848ac67ce29 100644 --- a/2008/0xxx/CVE-2008-0462.json +++ b/2008/0xxx/CVE-2008-0462.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/213478", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/213478" - }, - { - "name" : "27436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27436" - }, - { - "name" : "ADV-2008-0278", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0278" - }, - { - "name" : "28632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28632" - }, - { - "name" : "drupal-archive-unspecified-xss(39898)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/213478", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/213478" + }, + { + "name": "drupal-archive-unspecified-xss(39898)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39898" + }, + { + "name": "ADV-2008-0278", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0278" + }, + { + "name": "28632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28632" + }, + { + "name": "27436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27436" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0471.json b/2008/0xxx/CVE-2008-0471.json index 9a3a279b4c6..4bc524418c0 100644 --- a/2008/0xxx/CVE-2008-0471.json +++ b/2008/0xxx/CVE-2008-0471.json 
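Review bot: The `reference_data` array comes out in a different order on the new side (in CVE-2008-0462 the BID entry `27436` moves from second to last and the XF entry from last to second), although the rest of the hunk only changes `"key" : value` spacing and indentation. A reader therefore cannot tell at a glance that no reference was added, dropped or altered. The same reshuffle appears in the hunks for CVE-2008-0471, CVE-2008-0517, CVE-2008-0711, CVE-2008-0945, CVE-2008-1323, CVE-2008-1474 and CVE-2008-1510. Emitting the array in a stable order (the original order, or sorted by `refsource` then `name`) would keep formatting-only commits reviewable for consumers who track changes to these records. The new side also ends with `\ No newline at end of file` where the old file had a trailing newline; writing a newline after the final `}` would avoid that.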
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080123 phpBB 2.0.22 Remote PM Delete XSRF Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487004/100/0/threaded" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589" - }, - { - "name" : "DSA-1488", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1488" - }, - { - "name" : "28630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28630" - }, - { - "name" : "28871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28871" - }, - { - "name" : "3585", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/3585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28871" + }, + { + "name": "3585", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3585" + }, + { + "name": "DSA-1488", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1488" + }, + { + "name": "28630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28630" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589" + }, + { + "name": "20080123 phpBB 2.0.22 Remote PM Delete XSRF Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487004/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0517.json b/2008/0xxx/CVE-2008-0517.json index a2d92dd8036..f190c36f9fd 100644 --- a/2008/0xxx/CVE-2008-0517.json +++ b/2008/0xxx/CVE-2008-0517.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5016", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5016" - }, - { - "name" : "27520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27520" - }, - { - "name" : "ADV-2008-0362", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0362" - }, - { - "name" : "estateagent-index-sql-injection(40060)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in 
index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "estateagent-index-sql-injection(40060)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40060" + }, + { + "name": "27520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27520" + }, + { + "name": "5016", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5016" + }, + { + "name": "ADV-2008-0362", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0362" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0711.json b/2008/0xxx/CVE-2008-0711.json index cbc6e502810..6991437fcdf 100644 --- a/2008/0xxx/CVE-2008-0711.json +++ b/2008/0xxx/CVE-2008-0711.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02327", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120766789901792&w=2" - }, - { - "name" : "SSRT071455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120766789901792&w=2" - }, - { - "name" : "28673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28673" - }, - { - "name" : "ADV-2008-1132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1132/references" - }, - { - "name" : "1019795", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019795" - }, - { - "name" : "29718", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/29718" - }, - { - "name" : "3804", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3804" - }, - { - "name" : "hp-integrityserver-ilo2mp-console-dos(41696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02327", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120766789901792&w=2" + }, + { + "name": "3804", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3804" + }, + { + "name": "ADV-2008-1132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1132/references" + }, + { + "name": "hp-integrityserver-ilo2mp-console-dos(41696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41696" + }, + { + "name": "29718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29718" + }, + { + "name": "1019795", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019795" + }, + { + "name": "SSRT071455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120766789901792&w=2" + }, + { + "name": "28673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28673" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/0xxx/CVE-2008-0846.json b/2008/0xxx/CVE-2008-0846.json index 68125d54b9d..57dde1ee308 100644 --- a/2008/0xxx/CVE-2008-0846.json +++ b/2008/0xxx/CVE-2008-0846.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080216 joomla SQL Injection(com_profile)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=120335361520072&w=2" - }, - { - "name" : "27851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080216 joomla SQL Injection(com_profile)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=120335361520072&w=2" + }, + { + "name": "27851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27851" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0945.json b/2008/0xxx/CVE-2008-0945.json index cf8c043c901..ca832255ea1 100644 --- a/2008/0xxx/CVE-2008-0945.json +++ b/2008/0xxx/CVE-2008-0945.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487748/100/200/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/ipsimene-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/ipsimene-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/ipsimene.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/ipsimene.zip" - }, - { - "name" : "27677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27677" - }, - { - "name" : "28824", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28824" - }, - { - "name" : "3697", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/ipsimene-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt" + }, + { + "name": "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded" + }, + { + "name": "27677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27677" + }, + { + "name": "3697", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3697" + }, + { + "name": "http://aluigi.org/poc/ipsimene.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/ipsimene.zip" + }, + { + "name": "28824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28824" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1323.json b/2008/1xxx/CVE-2008-1323.json index bbc8fbe8a40..5766cd42be1 100644 --- a/2008/1xxx/CVE-2008-1323.json +++ b/2008/1xxx/CVE-2008-1323.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080308 WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489294/100/0/threaded" - }, - { - "name" : "3739", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3739" - }, - { - "name" : "woltlabburningboard-index-csrf(41098)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows 
remote attackers to delete threads as other users via the ThreadDelete action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080308 WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489294/100/0/threaded" + }, + { + "name": "woltlabburningboard-index-csrf(41098)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41098" + }, + { + "name": "3739", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3739" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1474.json b/2008/1xxx/CVE-2008-1474.json index 4feb26c5096..7906aa7ab97 100644 --- a/2008/1xxx/CVE-2008-1474.json +++ b/2008/1xxx/CVE-2008-1474.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=436546", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=436546" - }, - { - "name" : "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup", - "refsource" : "CONFIRM", - "url" : "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup" - }, - { - "name" : "DSA-1554", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1554" - }, - { - "name" : "FEDORA-2008-2370", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html" - }, - { - "name" : "FEDORA-2008-2471", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html" - }, - { - "name" : "GLSA-200805-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-21.xml" - }, - { - "name" : "28239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28239" - }, - { - "name" : "ADV-2008-0891", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0891" - }, - { - "name" : "29336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29336" - }, - { - "name" : "29375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29375" - }, - { - "name" : "29848", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29848" - }, - { - "name" : "30274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30274" - }, - { - "name" : "roundup-multiple-unspecified(41241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29848", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29848" + }, + { + "name": "30274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30274" + }, + { + "name": "GLSA-200805-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-21.xml" + }, + { + "name": "28239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28239" + }, + { + "name": "29336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29336" + }, + { + "name": "FEDORA-2008-2471", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html" + }, + { + "name": "DSA-1554", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1554" + }, + { + "name": "roundup-multiple-unspecified(41241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41241" + }, + { + "name": "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup", + "refsource": "CONFIRM", + "url": "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup" + }, + { + "name": "FEDORA-2008-2370", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html" + }, + { + "name": "29375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29375" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=436546", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436546" + }, + { + "name": "ADV-2008-0891", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0891" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/1xxx/CVE-2008-1510.json b/2008/1xxx/CVE-2008-1510.json index c9f8bfd528f..38a687787d4 100644 --- a/2008/1xxx/CVE-2008-1510.json +++ b/2008/1xxx/CVE-2008-1510.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080323 Alkacon OpenCms users_list.jsp searchfilter XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489984/100/0/threaded" - }, - { - "name" : "28411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28411" - }, - { - "name" : "3777", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3777" - }, - { - "name" : "opencms-userslist-xss(41390)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28411" + }, + { + "name": "3777", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3777" + }, + { + "name": "opencms-userslist-xss(41390)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41390" + }, + { + "name": "20080323 Alkacon OpenCms users_list.jsp searchfilter XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489984/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1831.json b/2008/1xxx/CVE-2008-1831.json index b13447a5ad2..45ad6fd13ff 100644 --- a/2008/1xxx/CVE-2008-1831.json +++ b/2008/1xxx/CVE-2008-1831.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" - }, - { - "name" : "ADV-2008-1233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1233/references" - }, - { - "name" : "ADV-2008-1267", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/1267/references" - }, - { - "name" : "1019855", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019855" - }, - { - "name" : "29874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29874" - }, - { - "name" : "29829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29829" - }, - { - "name" : "oracle-cpu-april-2008(41858)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858" - }, - { - "name" : "oracle-siebel-simbuilder-unspecified(42068)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42068" - }, - { - "name" : "oracle-siebel-simbuilder-unspecified2(42069)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42069" - }, - { - "name" : "oracle-siebel-simbuilder-unspecified3(42070)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42070" - }, - { - "name" : "oracle-siebel-simbuilder-unspecified4(42071)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-cpu-april-2008(41858)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858" + }, + { + "name": "ADV-2008-1267", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1267/references" + }, + { + "name": "ADV-2008-1233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1233/references" + }, + { + "name": "1019855", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019855" + }, + { + "name": "29829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29829" + }, + { + "name": "oracle-siebel-simbuilder-unspecified3(42070)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42070" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html" + }, + { + "name": "29874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29874" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded" + }, + { + "name": "oracle-siebel-simbuilder-unspecified2(42069)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42069" + }, + { + "name": "oracle-siebel-simbuilder-unspecified4(42071)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42071" + }, + { + "name": "oracle-siebel-simbuilder-unspecified(42068)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42068" + } + ] + } +} \ No 
newline at end of file diff --git a/2008/3xxx/CVE-2008-3798.json b/2008/3xxx/CVE-2008-3798.json index b4e9f8fd955..9418dc053da 100644 --- a/2008/3xxx/CVE-2008-3798.json +++ b/2008/3xxx/CVE-2008-3798.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-3798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080924 Vulnerability in Cisco IOS While Processing SSL Packet", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0146c.shtml" - }, - { - "name" : "oval:org.mitre.oval:def:6087", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6087" - }, - { - "name" : "1020930", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020930" - }, - { - "name" : "ADV-2008-2670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2670" - }, - { - "name" : "31990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31990" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31990" + }, + { + "name": "oval:org.mitre.oval:def:6087", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6087" + }, + { + "name": "ADV-2008-2670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2670" + }, + { + "name": "1020930", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020930" + }, + { + "name": "20080924 Vulnerability in Cisco IOS While Processing SSL Packet", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0146c.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3902.json b/2008/3xxx/CVE-2008-3902.json index 0a5e69e884e..a7567d0fb94 100644 --- a/2008/3xxx/CVE-2008-3902.json +++ b/2008/3xxx/CVE-2008-3902.json 
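Review bot: The `ASSIGNER` value in `CVE_data_meta` changes in this hunk from `cve@mitre.org` to `psirt@cisco.com`, a real data change inside what otherwise reads as a separator-spacing reformat (`" : "` to `": "`) with reordered `reference_data` entries. The same happens in the later hunks for CVE-2013-2695 (`PSIRT-CNA@flexerasoftware.com`), CVE-2013-2870 (`security@google.com`) and CVE-2013-3183 (`secure@microsoft.com`, whose hunk continues past the visible part). Any consumer that uses `ASSIGNER` to attribute or weight a record sees its provenance change without the diff drawing attention to it, so these edits are better split into their own commit or named in the commit message. Writing `reference_data` in a stable order and keeping the trailing newline (the new files in these hunks end with `\ No newline at end of file`) would keep later diffs down to the fields that actually changed.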
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080825 [IVIZ-08-002] Hewlett-Packard BIOS Plain Text Password Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495800/100/0/threaded" - }, - { - "name" : "http://www.ivizsecurity.com/preboot-patch.html", - "refsource" : "MISC", - "url" : "http://www.ivizsecurity.com/preboot-patch.html" - }, - { - "name" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", - "refsource" : "MISC", - "url" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" - }, - { - "name" : "4214", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4214" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ivizsecurity.com/preboot-patch.html", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/preboot-patch.html" + }, + { + "name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" + }, + { + "name": "4214", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4214" + }, + { + "name": "20080825 [IVIZ-08-002] Hewlett-Packard BIOS Plain Text Password Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495800/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4345.json b/2008/4xxx/CVE-2008-4345.json index 10ae7f62880..fe1bab8eafb 100644 --- a/2008/4xxx/CVE-2008-4345.json +++ b/2008/4xxx/CVE-2008-4345.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6443", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6443" - }, - { - "name" : "31156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31156" - }, - { - "name" : "31784", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31784" - }, - { - "name" : "ADV-2008-2560", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2560" - }, - { - "name" : "webportalcms-download-sql-injection(45113)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6443", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6443" + }, + { + "name": "webportalcms-download-sql-injection(45113)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45113" + }, + { + "name": "31784", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31784" + }, + { + "name": "ADV-2008-2560", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2560" + }, + { + "name": "31156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31156" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4919.json b/2008/4xxx/CVE-2008-4919.json index 15b9dd45d89..8095b1601f9 100644 --- a/2008/4xxx/CVE-2008-4919.json +++ b/2008/4xxx/CVE-2008-4919.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6875", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6875" - }, - { - "name" : "31984", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31984" - }, - { - "name" : "32426", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32426" - }, - { - "name" : "4558", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4558" - }, - { - "name" : "expertpdfviewerx-activex-file-overwrite(46218)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31984", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31984" + }, + { + "name": "32426", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32426" + }, + { + "name": "6875", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6875" + }, + { + "name": "4558", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4558" + }, + { + "name": "expertpdfviewerx-activex-file-overwrite(46218)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46218" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4965.json b/2008/4xxx/CVE-2008-4965.json index 2121a5684c6..d67675a49cc 100644 --- a/2008/4xxx/CVE-2008-4965.json +++ b/2008/4xxx/CVE-2008-4965.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://uvw.ru/report.lenny.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.lenny.txt" - }, - { - "name" : "http://bugs.debian.org/496360", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/496360" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/liguidsoap", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/liguidsoap" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : 
"https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "30912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30912" - }, - { - "name" : "liquidsoap-liquidsoap-symlink(44827)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/liguidsoap", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/liguidsoap" + }, + { + "name": "30912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30912" + }, + { + "name": "liquidsoap-liquidsoap-symlink(44827)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44827" + }, + { + "name": "http://uvw.ru/report.lenny.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.lenny.txt" + }, + { + "name": "http://bugs.debian.org/496360", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/496360" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/2xxx/CVE-2013-2695.json b/2013/2xxx/CVE-2013-2695.json index a96093de340..d950fb4130f 100644 --- a/2013/2xxx/CVE-2013-2695.json +++ b/2013/2xxx/CVE-2013-2695.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-2695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "92275", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92275" - }, - { - "name" : "52864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92275", + "refsource": "OSVDB", + "url": "http://osvdb.org/92275" + }, + { + "name": "52864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52864" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2870.json b/2013/2xxx/CVE-2013-2870.json index a6bcded2671..dd5fa19500a 100644 --- a/2013/2xxx/CVE-2013-2870.json +++ b/2013/2xxx/CVE-2013-2870.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=2b0ff6d8a832f4fe5c187b17342b56675fbf7b96", - "refsource" : "CONFIRM", - "url" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=2b0ff6d8a832f4fe5c187b17342b56675fbf7b96" - }, - { - "name" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5449227016f44d7c023b28a697ada40064c681a6", - "refsource" : "CONFIRM", - "url" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5449227016f44d7c023b28a697ada40064c681a6" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" - }, - { 
- "name" : "https://code.google.com/p/chromium/issues/detail?id=242762", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=242762" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=244746", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=244746" - }, - { - "name" : "DSA-2724", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2724" - }, - { - "name" : "oval:org.mitre.oval:def:16723", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=2b0ff6d8a832f4fe5c187b17342b56675fbf7b96", + "refsource": "CONFIRM", + "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=2b0ff6d8a832f4fe5c187b17342b56675fbf7b96" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=244746", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=244746" + }, + { + "name": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5449227016f44d7c023b28a697ada40064c681a6", + "refsource": "CONFIRM", + "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5449227016f44d7c023b28a697ada40064c681a6" + }, + { + "name": "oval:org.mitre.oval:def:16723", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16723" + }, + { + "name": "DSA-2724", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2724" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=242762", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=242762" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3183.json b/2013/3xxx/CVE-2013-3183.json index 64717c2c243..e0dac165c15 100644 --- a/2013/3xxx/CVE-2013-3183.json +++ b/2013/3xxx/CVE-2013-3183.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote attackers to cause a denial of service (system hang) via crafted packets, aka \"ICMPv6 Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-065" - }, - { - "name" : "TA13-225A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-225A" - }, - { - "name" : "oval:org.mitre.oval:def:17918", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote attackers to cause a denial of service (system hang) via crafted packets, aka \"ICMPv6 Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-225A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-225A" + }, + { + "name": "oval:org.mitre.oval:def:17918", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17918" + }, + { + "name": "MS13-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-065" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3489.json b/2013/3xxx/CVE-2013-3489.json index 88041fd6f07..cfe1344d1ed 100644 --- a/2013/3xxx/CVE-2013-3489.json +++ b/2013/3xxx/CVE-2013-3489.json 
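Review bot: The one substantive change in this record, `"ASSIGNER": "cve@mitre.org"` becoming `"ASSIGNER": "secure@microsoft.com"`, is buried in a whole-file rewrite that also normalises the `"key" : value` spacing, reorders `reference_data` and drops the final newline, so it is easy to miss in review. The same holds for CVE-2013-3976 (`psirt@us.ibm.com`) and CVE-2013-4533 (`secalert@redhat.com`) later in this diff. ASSIGNER attributes the record to a CNA, so I would land attribution changes in a commit separate from the formatting pass. The generator should also emit `reference_data` in a stable order, for example sorted by `refsource` then `name`, so that a real reference change shows up as a small diff.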
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3489",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-3489",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3675.json b/2013/3xxx/CVE-2013-3675.json
index 56b95dbee3f..b274ad9f3ae 100644
--- a/2013/3xxx/CVE-2013-3675.json
+++ b/2013/3xxx/CVE-2013-3675.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3976.json b/2013/3xxx/CVE-2013-3976.json index ccd8ccafa03..24925a217c5 100644 --- a/2013/3xxx/CVE-2013-3976.json +++ b/2013/3xxx/CVE-2013-3976.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644407", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644407" - }, - { - "name" : "IC81223", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223" - }, - { - "name" : "tsm-cve20133976-info-disclosure(84881)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IC81223", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223" + }, + { + "name": "tsm-cve20133976-info-disclosure(84881)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84881" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644407", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644407" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4533.json b/2013/4xxx/CVE-2013-4533.json index 86dcea57aab..77edcd89ead 100644 --- a/2013/4xxx/CVE-2013-4533.json +++ b/2013/4xxx/CVE-2013-4533.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html" - }, - { - "name" : "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=caa881abe0e01f9931125a0977ec33c5343e4aa7", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=caa881abe0e01f9931125a0977ec33c5343e4aa7" - }, - { - "name" : "FEDORA-2014-6288", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=caa881abe0e01f9931125a0977ec33c5343e4aa7", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=caa881abe0e01f9931125a0977ec33c5343e4aa7" + }, + { + "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html" + }, + { + "name": "FEDORA-2014-6288", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6544.json b/2013/6xxx/CVE-2013-6544.json index 4edc2cf3ee1..2b1582a8aa1 100644 --- a/2013/6xxx/CVE-2013-6544.json +++ b/2013/6xxx/CVE-2013-6544.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6544",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-6544",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6847.json b/2013/6xxx/CVE-2013-6847.json
index d7b17bad184..c3236f545a8 100644
--- a/2013/6xxx/CVE-2013-6847.json
+++ b/2013/6xxx/CVE-2013-6847.json
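Review bot: The new side of this record orders its keys differently from every other record visible in this diff: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`. Key order carries no meaning in JSON, but the difference suggests this file went through another serializer path than its neighbours (an inference, the commit does not say so). It also adds reorder noise for anyone diffing or hashing the raw files. I would emit it as the other records do, `"CVE_data_meta": {` first with `"ASSIGNER"`, `"ID"`, `"STATE"` in that order, or sort keys in every record.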
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6847",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-6847",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/7xxx/CVE-2013-7187.json b/2013/7xxx/CVE-2013-7187.json
index 7f4a1a188a9..5dfe3314cd4 100644
--- a/2013/7xxx/CVE-2013-7187.json
+++ b/2013/7xxx/CVE-2013-7187.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30002", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30002" - }, - { - "name" : "http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt" - }, - { - "name" : "64183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64183" - }, - { - "name" : "56044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56044" - }, - { - "name" : "formcraft-wpblogheader-sql-injection(89581)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt" + }, + { + "name": "formcraft-wpblogheader-sql-injection(89581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89581" + }, + { + "name": "30002", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30002" + }, + { + "name": "56044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56044" + }, + { + "name": "64183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64183" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7274.json b/2013/7xxx/CVE-2013-7274.json index 025223fccd2..fbcfdaa4d5c 100644 --- a/2013/7xxx/CVE-2013-7274.json +++ b/2013/7xxx/CVE-2013-7274.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30356", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30356" - }, - { - "name" : "64480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64480" - }, - { - "name" : "56205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56205" - }, - { - "name" : "wallpaperscript-title-xss(89913)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject 
arbitrary web script or HTML via the title field in a wallpaper file upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30356", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30356" + }, + { + "name": "56205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56205" + }, + { + "name": "64480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64480" + }, + { + "name": "wallpaperscript-title-xss(89913)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89913" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10097.json b/2017/10xxx/CVE-2017-10097.json index 0dc04eb5826..a9dfa299c6b 100644 --- a/2017/10xxx/CVE-2017-10097.json +++ b/2017/10xxx/CVE-2017-10097.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Reporting and Analytics", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.1" - }, - { - "version_affected" : "=", - "version_value" : "9.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.1" + }, + { + "version_affected": "=", + "version_value": "9.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99679" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99679" + }, + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/10xxx/CVE-2017-10558.json b/2017/10xxx/CVE-2017-10558.json
index 14fac142eb2..cfb38bcce6b 100644
--- a/2017/10xxx/CVE-2017-10558.json
+++ b/2017/10xxx/CVE-2017-10558.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10558",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10558",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10705.json b/2017/10xxx/CVE-2017-10705.json
index e669c78b8b0..60fa5dbfe59 100644
--- a/2017/10xxx/CVE-2017-10705.json
+++ b/2017/10xxx/CVE-2017-10705.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10705",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10705",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10793.json b/2017/10xxx/CVE-2017-10793.json
index a2c3f34b060..e4c9708dee6 100644
--- a/2017/10xxx/CVE-2017-10793.json
+++ b/2017/10xxx/CVE-2017-10793.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10793",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10793",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/",
- "refsource" : "MISC",
- "url" : "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/"
- },
- {
- "name" : "https://www.nomotion.net/blog/sharknatto/",
- "refsource" : "MISC",
- "url" : "https://www.nomotion.net/blog/sharknatto/"
- },
- {
- "name" : "100585",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100585"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/",
+ "refsource": "MISC",
+ "url": "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/"
+ },
+ {
+ "name": "100585",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100585"
+ },
+ {
+ "name": "https://www.nomotion.net/blog/sharknatto/",
+ "refsource": "MISC",
+ "url": "https://www.nomotion.net/blog/sharknatto/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10979.json b/2017/10xxx/CVE-2017-10979.json
index 4bf5b5fd266..3f113b04007 100644
--- a/2017/10xxx/CVE-2017-10979.json
+++ b/2017/10xxx/CVE-2017-10979.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10979",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10979",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://freeradius.org/security/fuzzer-2017.html",
- "refsource" : "CONFIRM",
- "url" : "http://freeradius.org/security/fuzzer-2017.html"
- },
- {
- "name" : "DSA-3930",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2017/dsa-3930"
- },
- {
- "name" : "RHSA-2017:1759",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1759"
- },
- {
- "name" : "99901",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99901"
- },
- {
- "name" : "1038914",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038914"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1038914",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038914"
+ },
+ {
+ "name": "RHSA-2017:1759",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1759"
+ },
+ {
+ "name": "DSA-3930",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2017/dsa-3930"
+ },
+ {
+ "name": "http://freeradius.org/security/fuzzer-2017.html",
+ "refsource": "CONFIRM",
+ "url": "http://freeradius.org/security/fuzzer-2017.html"
+ },
+ {
+ "name": "99901",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99901"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/13xxx/CVE-2017-13671.json b/2017/13xxx/CVE-2017-13671.json
index eab48530a22..dd7089616db 100644
--- a/2017/13xxx/CVE-2017-13671.json
+++ b/2017/13xxx/CVE-2017-13671.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-13671",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-13671",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa"
- },
- {
- "name" : "100533",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100533"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "100533",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100533"
+ },
+ {
+ "name": "https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14046.json b/2017/14xxx/CVE-2017-14046.json
index 8a01977189a..6307ef4cf16 100644
--- a/2017/14xxx/CVE-2017-14046.json
+++ b/2017/14xxx/CVE-2017-14046.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14046",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14046",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14083.json b/2017/14xxx/CVE-2017-14083.json
index e2ac26be3ff..d3625584b38 100644
--- a/2017/14xxx/CVE-2017-14083.json
+++ b/2017/14xxx/CVE-2017-14083.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@trendmicro.com",
- "ID" : "CVE-2017-14083",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Trend Micro OfficeScan",
- "version" : {
- "version_data" : [
- {
- "version_value" : "11.0, XG (12.0)"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Trend Micro"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Unauthorized Access Control"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@trendmicro.com",
+ "ID": "CVE-2017-14083",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Trend Micro OfficeScan",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.0, XG (12.0)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Trend Micro"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx)",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/541273/100/0/threaded"
- },
- {
- "name" : "42889",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/42889/"
- },
- {
- "name" : "20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2017/Sep/90"
- },
- {
- "name" : "http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt",
- "refsource" : "MISC",
- "url" : "http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt"
- },
- {
- "name" : "http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html"
- },
- {
- "name" : "https://success.trendmicro.com/solution/1118372",
- "refsource" : "CONFIRM",
- "url" : "https://success.trendmicro.com/solution/1118372"
- },
- {
- "name" : "101076",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/101076"
- },
- {
- "name" : "1039500",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039500"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unauthorized Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://success.trendmicro.com/solution/1118372",
+ "refsource": "CONFIRM",
+ "url": "https://success.trendmicro.com/solution/1118372"
+ },
+ {
+ "name": "20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2017/Sep/90"
+ },
+ {
+ "name": "20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx)",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/541273/100/0/threaded"
+ },
+ {
+ "name": "http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt",
+ "refsource": "MISC",
+ "url": "http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt"
+ },
+ {
+ "name": "42889",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/42889/"
+ },
+ {
+ "name": "http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html"
+ },
+ {
+ "name": "1039500",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039500"
+ },
+ {
+ "name": "101076",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/101076"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14358.json b/2017/14xxx/CVE-2017-14358.json
index e3d3876719d..445e6631d20 100644
--- a/2017/14xxx/CVE-2017-14358.json
+++ b/2017/14xxx/CVE-2017-14358.json
@@ -1,78 +1,78 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@microfocus.com",
- "DATE_PUBLIC" : "2017-10-30T00:00:00",
- "ID" : "CVE-2017-14358",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "HP ArcSight ESM",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1"
- }
- ]
- }
- },
- {
- "product_name" : "HP ArcSight ESM Express",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Micro Focus"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "URL redirection"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@suse.com",
+ "DATE_PUBLIC": "2017-10-30T00:00:00",
+ "ID": "CVE-2017-14358",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HP ArcSight ESM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HP ArcSight ESM Express",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Micro Focus"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://softwaresupport.hpe.com/km/KM02996760",
- "refsource" : "CONFIRM",
- "url" : "https://softwaresupport.hpe.com/km/KM02996760"
- },
- {
- "name" : "ESB-2017.2737",
- "refsource" : "AUSCERT",
- "url" : "https://www.auscert.org.au/bulletins/54166"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "URL redirection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://softwaresupport.hpe.com/km/KM02996760",
+ "refsource": "CONFIRM",
+ "url": "https://softwaresupport.hpe.com/km/KM02996760"
+ },
+ {
+ "name": "ESB-2017.2737",
+ "refsource": "AUSCERT",
+ "url": "https://www.auscert.org.au/bulletins/54166"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17095.json b/2017/17xxx/CVE-2017-17095.json
index 27fefbd4c26..476113304d7 100644
--- a/2017/17xxx/CVE-2017-17095.json
+++ b/2017/17xxx/CVE-2017-17095.json
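Review bot: The new `CVE_data_meta` for CVE-2017-14358 changes `ASSIGNER` from `security@microfocus.com` to `security@suse.com`, which is the one value change in a hunk that otherwise only normalises the spacing around colons. `vendor_name` is still `Micro Focus` and the CONFIRM reference still points at softwaresupport.hpe.com, so the record now names a different assigning organisation than the vendor it describes, and any tooling that groups, filters or trusts records by `ASSIGNER` will re-bucket this entry without a visible reason. If the reassignment is intended (presumably a CNA contact mapping), it should be stated in the commit message rather than carried inside a formatting pass; otherwise keep `"ASSIGNER": "security@microfocus.com",`.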
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17095",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17095",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "43322",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/43322/"
- },
- {
- "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2750",
- "refsource" : "MISC",
- "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2750"
- },
- {
- "name" : "http://www.openwall.com/lists/oss-security/2017/11/30/3",
- "refsource" : "MISC",
- "url" : "http://www.openwall.com/lists/oss-security/2017/11/30/3"
- },
- {
- "name" : "DSA-4349",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4349"
- },
- {
- "name" : "USN-3606-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3606-1/"
- },
- {
- "name" : "102124",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102124"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-3606-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3606-1/"
+ },
+ {
+ "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2750",
+ "refsource": "MISC",
+ "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2750"
+ },
+ {
+ "name": "43322",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/43322/"
+ },
+ {
+ "name": "DSA-4349",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4349"
+ },
+ {
+ "name": "102124",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102124"
+ },
+ {
+ "name": "http://www.openwall.com/lists/oss-security/2017/11/30/3",
+ "refsource": "MISC",
+ "url": "http://www.openwall.com/lists/oss-security/2017/11/30/3"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17119.json b/2017/17xxx/CVE-2017-17119.json
index 28f3977a1d6..980d7946aba 100644
--- a/2017/17xxx/CVE-2017-17119.json
+++ b/2017/17xxx/CVE-2017-17119.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17119",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17119",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17151.json b/2017/17xxx/CVE-2017-17151.json
index bc09d737870..ea5da9ae2a3 100644
--- a/2017/17xxx/CVE-2017-17151.json
+++ b/2017/17xxx/CVE-2017-17151.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AR100,AR100-S,AR110-S,AR120,AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR510,DP300,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206,ViewPoint 8660,ViewPoint 9030", - "version" : { - "version_data" : [ - { - "version_value" : "AR100 V200R008C20SPC700, V200R008C20SPC700PWE, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR100-S V200R007C00SPCa00, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR110-S V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20SPC800, V200R008C30, AR120 V200R006C10, V200R006C10SPC300, V200R006C10SPC300PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR120-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR1200 V200R006C10, V200R006C10PWE, V200R006C10SPC030, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C13, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R008C20, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR1200-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, 
V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR150 V200R006C10, V200R006C10PWE, V200R006C10SPC300, V200R006C10SPC300PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R007C02PWE, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR160 V200R006C10, V200R006C10PWE, V200R006C10SPC100, V200R006C10SPC200, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C12, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC500, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R008C20, V200R008C20SPC500T, V200R008C20SPC501T, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, V200R008C30SPC100, AR200 V200R006C10, V200R006C10PWE, V200R006C10SPC100, V200R006C10SPC300, V200R006C10SPC300PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R008C20, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC900, V200R008C20SPC900PWE, V200R008C30, AR200-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR2200 V200R006C10, V200R006C10PWE, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C13, V200R006C16PWE, V200R007C00, 
V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC500, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R008C20, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR2200-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR3200 V200R006C10, V200R006C10PWE, V200R006C10SPC100, V200R006C10SPC200, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C11, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC500, V200R007C00SPC510T, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C00SPCc00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C20B560, V200R008C20B570, V200R008C20B580, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, V200R008C30B010, V200R008C30B020, V200R008C30B030, V200R008C30B050, V200R008C30B060, V200R008C30B070, V200R008C30B080, V200R008C30SPC067T, AR510 V200R006C10, V200R006C10PWE, V200R006C10SPC200, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C30, DP300 V500R002C00, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, NetEngine16EX V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, RP200 V500R002C00SPC200, SRG1300 V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, 
V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C30, TE30 V100R001C02SPC100, V100R001C02SPC200, V100R001C10, V100R001C10SPC100, V100R001C10SPC300, V100R001C10SPC600, V100R001C10SPC800, V500R002C00SPC200, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, TE60 V100R001C01SPC100, V100R001C10, V100R001C10B010, V100R001C10SPC300, V100R001C10SPC400, V100R001C10SPC502T, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800, V100R001C10SPC900, V500R002C00, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V600R006C00, TP3106 V100R001C06B020, V100R002C00, V100R002C00B026, V100R002C00B027, V100R002C00B028, V100R002C00B029, V100R002C00SPC100B022, V100R002C00SPC100B022SP01, V100R002C00SPC100B023, V100R002C00SPC100B024, V100R002C00SPC100B025, V100R002C00SPC101T, V100R002C00SPC200, V100R002C00SPC400, V100R002C00SPC600, V100R002C00T, TP3206 V100R002C00, V100R002C00SPC200, V100R002C00SPC400, V100R002C00SPC600, ViewPoint 8660 V100R008C03B013SP02, V100R008C03B013SP03, V100R008C03B013SP04, V100R008C03SPC100, V100R008C03SPC100B010, V100R008C03SPC100B011, V100R008C03SPC200, V100R008C03SPC200T, V100R008C03SPC300, V100R008C03SPC400, V100R008C03SPC500, V100R008C03SPC600, V100R008C03SPC600T, V100R008C03SPC700, V100R008C03SPC800, V100R008C03SPC900, V100R008C03SPCa00, V100R008C03SPCb00, 
V100R008C03SPCc00, ViewPoint 9030 V100R011C02SPC100, V100R011C02SPC100B010, V100R011C03B012SP15, V100R011C03B012SP16, V100R011C03B015SP03, V100R011C03LGWL01SPC100, V100R011C03LGWL01SPC100B012, V100R011C03SPC100, V100R011C03SPC100B010, V100R011C03SPC100B011, V100R011C03SPC100B012, V100R011C03SPC200, V100R011C03SPC300, V100R011C03SPC400, V100R011C03SPC500, ," - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Input Validation?" 
- } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AR100,AR100-S,AR110-S,AR120,AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR510,DP300,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206,ViewPoint 8660,ViewPoint 9030", + "version": { + "version_data": [ + { + "version_value": "AR100 V200R008C20SPC700, V200R008C20SPC700PWE, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR100-S V200R007C00SPCa00, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR110-S V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20SPC800, V200R008C30, AR120 V200R006C10, V200R006C10SPC300, V200R006C10SPC300PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR120-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR1200 V200R006C10, V200R006C10PWE, V200R006C10SPC030, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C13, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R008C20, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR1200-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, 
V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR150 V200R006C10, V200R006C10PWE, V200R006C10SPC300, V200R006C10SPC300PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R007C02PWE, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR160 V200R006C10, V200R006C10PWE, V200R006C10SPC100, V200R006C10SPC200, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C12, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC500, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R008C20, V200R008C20SPC500T, V200R008C20SPC501T, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, V200R008C30SPC100, AR200 V200R006C10, V200R006C10PWE, V200R006C10SPC100, V200R006C10SPC300, V200R006C10SPC300PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R008C20, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC900, V200R008C20SPC900PWE, V200R008C30, AR200-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR2200 V200R006C10, V200R006C10PWE, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, 
V200R007C00SPC200, V200R007C00SPC500, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R008C20, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR2200-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR3200 V200R006C10, V200R006C10PWE, V200R006C10SPC100, V200R006C10SPC200, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C11, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC500, V200R007C00SPC510T, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C00SPCc00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C20B560, V200R008C20B570, V200R008C20B580, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, V200R008C30B010, V200R008C30B020, V200R008C30B030, V200R008C30B050, V200R008C30B060, V200R008C30B070, V200R008C30B080, V200R008C30SPC067T, AR510 V200R006C10, V200R006C10PWE, V200R006C10SPC200, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C30, DP300 V500R002C00, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, NetEngine16EX V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, RP200 V500R002C00SPC200, SRG1300 V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, 
V200R007C00SPC900, V200R007C00SPCb00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C30, TE30 V100R001C02SPC100, V100R001C02SPC200, V100R001C10, V100R001C10SPC100, V100R001C10SPC300, V100R001C10SPC600, V100R001C10SPC800, V500R002C00SPC200, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, TE60 V100R001C01SPC100, V100R001C10, V100R001C10B010, V100R001C10SPC300, V100R001C10SPC400, V100R001C10SPC502T, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800, V100R001C10SPC900, V500R002C00, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V600R006C00, TP3106 V100R001C06B020, V100R002C00, V100R002C00B026, V100R002C00B027, V100R002C00B028, V100R002C00B029, V100R002C00SPC100B022, V100R002C00SPC100B022SP01, V100R002C00SPC100B023, V100R002C00SPC100B024, V100R002C00SPC100B025, V100R002C00SPC101T, V100R002C00SPC200, V100R002C00SPC400, V100R002C00SPC600, V100R002C00T, TP3206 V100R002C00, V100R002C00SPC200, V100R002C00SPC400, V100R002C00SPC600, ViewPoint 8660 V100R008C03B013SP02, V100R008C03B013SP03, V100R008C03B013SP04, V100R008C03SPC100, V100R008C03SPC100B010, V100R008C03SPC100B011, V100R008C03SPC200, V100R008C03SPC200T, V100R008C03SPC300, V100R008C03SPC400, V100R008C03SPC500, V100R008C03SPC600, V100R008C03SPC600T, V100R008C03SPC700, V100R008C03SPC800, V100R008C03SPC900, V100R008C03SPCa00, V100R008C03SPCb00, V100R008C03SPCc00, ViewPoint 9030 
V100R011C02SPC100, V100R011C02SPC100B010, V100R011C03B012SP15, V100R011C03B012SP16, V100R011C03B015SP03, V100R011C03LGWL01SPC100, V100R011C03LGWL01SPC100B012, V100R011C03SPC100, V100R011C03SPC100B010, V100R011C03SPC100B011, V100R011C03SPC100B012, V100R011C03SPC200, V100R011C03SPC300, V100R011C03SPC400, V100R011C03SPC500, ," + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Input Validation?" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17414.json b/2017/17xxx/CVE-2017-17414.json index da12efd83cd..e5a31987348 100644 --- a/2017/17xxx/CVE-2017-17414.json 
+++ b/2017/17xxx/CVE-2017-17414.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2017-17414",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Quest NetVault Backup",
- "version" : {
- "version_data" : [
- {
- "version_value" : "11.3.0.12"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Quest"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4225."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2017-17414",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Quest NetVault Backup",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.3.0.12"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Quest"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://zerodayinitiative.com/advisories/ZDI-17-979",
- "refsource" : "MISC",
- "url" : "https://zerodayinitiative.com/advisories/ZDI-17-979"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4225."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://zerodayinitiative.com/advisories/ZDI-17-979",
+ "refsource": "MISC",
+ "url": "https://zerodayinitiative.com/advisories/ZDI-17-979"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17769.json b/2017/17xxx/CVE-2017-17769.json
index 87376f65047..7146902e8dc 100644
--- a/2017/17xxx/CVE-2017-17769.json
+++ b/2017/17xxx/CVE-2017-17769.json
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@qualcomm.com",
- "DATE_PUBLIC" : "2018-03-26T00:00:00",
- "ID" : "CVE-2017-17769",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "All Android releases from CAF using the Linux kernel"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Qualcomm, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information Exposure in Audio"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "DATE_PUBLIC": "2018-03-26T00:00:00",
+ "ID": "CVE-2017-17769",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All Android releases from CAF using the Linux kernel"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Exposure in Audio"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://source.android.com/security/bulletin/pixel/2018-02-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/pixel/2018-02-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9223.json b/2017/9xxx/CVE-2017-9223.json
index 8594a61fdd6..1bf233332a0 100644
--- a/2017/9xxx/CVE-2017-9223.json
+++ b/2017/9xxx/CVE-2017-9223.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9223",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9223",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://seclists.org/fulldisclosure/2017/Jun/32",
- "refsource" : "MISC",
- "url" : "http://seclists.org/fulldisclosure/2017/Jun/32"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://seclists.org/fulldisclosure/2017/Jun/32",
+ "refsource": "MISC",
+ "url": "http://seclists.org/fulldisclosure/2017/Jun/32"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9570.json b/2017/9xxx/CVE-2017-9570.json
index 57376d4ebfc..dc464e8a816 100644
--- a/2017/9xxx/CVE-2017-9570.json
+++ b/2017/9xxx/CVE-2017-9570.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted 
certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9639.json b/2017/9xxx/CVE-2017-9639.json index efbceac37f4..99e57149fb4 100644 --- a/2017/9xxx/CVE-2017-9639.json +++ b/2017/9xxx/CVE-2017-9639.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-9639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fuji Electric V-Server", - "version" : { - "version_data" : [ - { - "version_value" : "Fuji Electric V-Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-9639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fuji Electric V-Server", + "version": { + "version_data": [ + { + "version_value": "Fuji Electric V-Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02" - }, - { - "name" : "99544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. 
A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02" + }, + { + "name": "99544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99544" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0145.json b/2018/0xxx/CVE-2018-0145.json index 607d22b91e1..411532dc092 100644 --- a/2018/0xxx/CVE-2018-0145.json +++ b/2018/0xxx/CVE-2018-0145.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Data Center Analytics Framework", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Data Center Analytics Framework" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the affected system. Cisco Bug IDs: CSCvg45105." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Data Center Analytics Framework", + "version": { + "version_data": [ + { + "version_value": "Cisco Data Center Analytics Framework" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-dcaf", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-dcaf" - }, - { - "name" : "103131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the affected system. Cisco Bug IDs: CSCvg45105." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-dcaf", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-dcaf" + }, + { + "name": "103131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103131" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0284.json b/2018/0xxx/CVE-2018-0284.json index 8b4cbdbdd9a..fcc8d5b5226 100644 --- a/2018/0xxx/CVE-2018-0284.json +++ b/2018/0xxx/CVE-2018-0284.json 
@@ -1,131 +1,131 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-11-07T16:00:00-0600", - "ID" : "CVE-2018-0284", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Meraki Local Status Page Privilege Escalation Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Meraki MR", - "version" : { - "version_data" : [ - { - "version_value" : "<24.13" - } - ] - } - }, - { - "product_name" : "Cisco Meraki M5", - "version" : { - "version_data" : [ - { - "version_value" : "<9.37" - } - ] - } - }, - { - "product_name" : "Cisco Meraki MX", - "version" : { - "version_data" : [ - { - "version_value" : "<13.32" - } - ] - } - }, - { - "product_name" : "Cisco Meraki Z1", - "version" : { - "version_data" : [ - { - "version_value" : "<13.32" - } - ] - } - }, - { - "product_name" : "Cisco Meraki Z3", - "version" : { - "version_data" : [ - { - "version_value" : "<13.32" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact" : { - "cvss" : { - "baseScore" : "8.8", - "vectorString" : "", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-11-07T16:00:00-0600", + "ID": "CVE-2018-0284", + "STATE": "PUBLIC", + "TITLE": "Cisco Meraki Local Status Page Privilege Escalation Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Meraki MR", + "version": { + "version_data": [ + { + "version_value": "<24.13" + } + ] + } + }, + { + "product_name": "Cisco Meraki M5", + "version": { + "version_data": [ + { + "version_value": "<9.37" + } + ] + } + }, + { + "product_name": "Cisco Meraki MX", + "version": { + "version_data": [ + { + "version_value": "<13.32" + } + ] + } + }, + { + "product_name": "Cisco Meraki Z1", + "version": { + "version_data": [ + { + "version_value": "<13.32" + } + ] + } + }, + { + "product_name": "Cisco Meraki Z3", + "version": { + "version_data": [ + { + "version_value": "<13.32" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181107 Cisco Meraki Local Status Page Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki" - }, - { - "name" : "105878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105878" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181107-meraki", - "defect" : [ - [ - "NA" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product 
lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.8", + "vectorString": "", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181107 Cisco Meraki Local Status Page Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki" + }, + { + "name": "105878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105878" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181107-meraki", + "defect": [ + [ + "NA" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000058.json b/2018/1000xxx/CVE-2018-1000058.json index f37df28d954..8c6eca80201 100644 --- a/2018/1000xxx/CVE-2018-1000058.json +++ b/2018/1000xxx/CVE-2018-1000058.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/5/2018 0:00:00", - "ID" : "CVE-2018-1000058", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Pipeline: Supporting APIs Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.17 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incomplete sandboxing" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/5/2018 0:00:00", + "ID": "CVE-2018-1000058", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-02-05/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-02-05/" - }, - { - "name" : "103034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-02-05/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-02-05/" + }, + { + "name": "103034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103034" + } + ] + } +} \ No newline at end of file 
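Review bot: The new side of CVE-2018-1000058.json replaces the structured `affects` data with placeholders (`"product_name": "n/a"`, `"version_value": "n/a"`, `"vendor_name": "n/a"`) and the `problemtype` value `Incomplete sandboxing` with `n/a`, whereas most other hunks on this page change only whitespace. The product and version now survive only in the free-text description, so consumers that match records on the vendor, product and version fields would presumably stop associating this entry with Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier. The same loss appears in the hunks for CVE-2018-1000168 (nghttp2, `Improper Input Validation CWE-20`), CVE-2018-1000197 (Jenkins Black Duck Hub Plugin, `CWE-285`) and CVE-2018-1000547 (coreBOS, `Incorrect Access Control`), each of which, like this one, also rewrites `ASSIGNER` to `cve@mitre.org`. I would keep the removed values, e.g. `"product_name": "Jenkins Pipeline: Supporting APIs Plugin"`, `"version_value": "2.17 and earlier"` and `"vendor_name": "Jenkins"`, or have the commit message state that the reset is intended.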
diff --git a/2018/1000xxx/CVE-2018-1000168.json b/2018/1000xxx/CVE-2018-1000168.json
index d49010c55fc..59107d6a962 100644
--- a/2018/1000xxx/CVE-2018-1000168.json
+++ b/2018/1000xxx/CVE-2018-1000168.json
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-04-30T20:15:49.358836", - "DATE_REQUESTED" : "2018-04-09T10:52:35", - "ID" : "CVE-2018-1000168", - "REQUESTER" : "tatsuhiro.t@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nghttp2", - "version" : { - "version_data" : [ - { - "version_value" : ">= 1.10.0 and nghttp2 <= v1.31.0" - } - ] - } - } - ] - }, - "vendor_name" : "nghttp2" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-04-30T20:15:49.358836", + "DATE_REQUESTED": "2018-04-09T10:52:35", + "ID": "CVE-2018-1000168", + "REQUESTER": "tatsuhiro.t@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/", - "refsource" : "CONFIRM", - "url" : "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/" - }, - { - "name" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", - "refsource" : "CONFIRM", - "url" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" - }, - { - "name" : "RHSA-2019:0366", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0366" - }, - { - "name" : "RHSA-2019:0367", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0367" - }, - { - "name" : "103952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2019:0367", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0367" + }, + { + "name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" + }, + { + "name": "103952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103952" + }, + { + "name": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/", + "refsource": "CONFIRM", + "url": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/" + }, + { + "name": "RHSA-2019:0366", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0366" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000197.json b/2018/1000xxx/CVE-2018-1000197.json index 520589499da..5ea11a2ff79 100644 --- a/2018/1000xxx/CVE-2018-1000197.json +++ b/2018/1000xxx/CVE-2018-1000197.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-05T13:57:43.656691", - "DATE_REQUESTED" : "2018-05-09T00:00:00", - "ID" : "CVE-2018-1000197", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Black Duck Hub Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.3 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-05T13:57:43.656691", + "DATE_REQUESTED": "2018-05-09T00:00:00", + "ID": "CVE-2018-1000197", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An improper authorization vulnerability 
exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000547.json b/2018/1000xxx/CVE-2018-1000547.json index 89d7cebd664..08d1d0c0036 100644 --- a/2018/1000xxx/CVE-2018-1000547.json +++ b/2018/1000xxx/CVE-2018-1000547.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.069504", - "DATE_REQUESTED" : "2018-03-27T08:05:54", - "ID" : "CVE-2018-1000547", - "REQUESTER" : "cve@unsecure.blog", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "coreBOS", - "version" : { - "version_data" : [ - { - "version_value" : "7.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "coreBOS" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. ." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.069504", + "DATE_REQUESTED": "2018-03-27T08:05:54", + "ID": "CVE-2018-1000547", + "REQUESTER": "cve@unsecure.blog", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/tsolucio/corebos/blob/287780a61f98adca1fa631ae6e5de346947c7f81/modules/Contacts/EditView.php#L54", - "refsource" : "MISC", - "url" : "https://github.com/tsolucio/corebos/blob/287780a61f98adca1fa631ae6e5de346947c7f81/modules/Contacts/EditView.php#L54" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tsolucio/corebos/blob/287780a61f98adca1fa631ae6e5de346947c7f81/modules/Contacts/EditView.php#L54", + "refsource": "MISC", + "url": "https://github.com/tsolucio/corebos/blob/287780a61f98adca1fa631ae6e5de346947c7f81/modules/Contacts/EditView.php#L54" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19006.json b/2018/19xxx/CVE-2018-19006.json index dc9f340f623..013d87fe3f0 100644 --- a/2018/19xxx/CVE-2018-19006.json +++ b/2018/19xxx/CVE-2018-19006.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19006", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19006", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/19xxx/CVE-2018-19223.json b/2018/19xxx/CVE-2018-19223.json
index 62be2a8b56f..25d14d675e2 100644
--- a/2018/19xxx/CVE-2018-19223.json
+++ b/2018/19xxx/CVE-2018-19223.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss2", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss2", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss2" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1192.json b/2018/1xxx/CVE-2018-1192.json index 21f61f5f50c..96468283637 100644 --- a/2018/1xxx/CVE-2018-1192.json +++ b/2018/1xxx/CVE-2018-1192.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2018-1192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3", - "version" : { - "version_data" : [ - { - "version_value" : "Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "UAA SessionID present in Audit Event Logs" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2018-1192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3", + "version": { + "version_data": [ + { + "version_value": "Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/blog/cve-2018-1192/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/blog/cve-2018-1192/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UAA SessionID present in Audit Event Logs" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/blog/cve-2018-1192/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/blog/cve-2018-1192/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1536.json b/2018/1xxx/CVE-2018-1536.json index b6301a2c80d..96228a3680f 100644 --- a/2018/1xxx/CVE-2018-1536.json +++ b/2018/1xxx/CVE-2018-1536.json 
@@ -1,134 +1,134 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-07-16T00:00:00", - "ID" : "CVE-2018-1536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Software Architect Design Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - } - ] - } - }, - { - "product_name" : "Rational Rhapsody Design Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142558." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-07-16T00:00:00", + "ID": "CVE-2018-1536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Software Architect Design Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + } + ] + } + }, + { + "product_name": "Rational Rhapsody Design Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716029", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716029" - }, - { - "name" : "ibm-rhapsody-cve20181536-xss(142558)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM 
Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142558." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rhapsody-cve20181536-xss(142558)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142558" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716029", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716029" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1647.json b/2018/1xxx/CVE-2018-1647.json index 3aa08d5d22c..318081c6228 100644 --- a/2018/1xxx/CVE-2018-1647.json +++ b/2018/1xxx/CVE-2018-1647.json 
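Review bot: The `reference_data` array is reordered in this otherwise layout-only hunk: the `"refsource": "CONFIRM"` entry (the ibm.com advisory) moves from first to second place, behind the `"refsource": "XF"` entry. The same swap appears in the CVE-2018-1647 and CVE-2018-1715 hunks. Array order is significant in JSON, so any consumer that reads the first reference as the vendor advisory would presumably now get the X-Force link; if the reformat is meant to change only spacing, it should keep the original element order. The new side also ends with `\ No newline at end of file`, so the trailing newline is dropped here and in the other files of this diff; I would keep each file ending in `}` followed by a newline.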
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-03T00:00:00", - "ID" : "CVE-2018-1647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QRadar Incident Forensics", - "version" : { - "version_data" : [ - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "L", - "AV" : "N", - "C" : "N", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "7.500", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-03T00:00:00", + "ID": "CVE-2018-1647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QRadar Incident Forensics", + "version": { + "version_data": [ + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729705", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729705" - }, - { - "name" : "ibm-qradar-cve20181647-dos(144650)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/144650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "AV": "N", + "C": "N", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "7.500", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-qradar-cve20181647-dos(144650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144650" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10729705", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729705" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1715.json b/2018/1xxx/CVE-2018-1715.json index 4e257fd01b4..230e272157b 100644 --- a/2018/1xxx/CVE-2018-1715.json +++ b/2018/1xxx/CVE-2018-1715.json 
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-08-14T00:00:00", - "ID" : "CVE-2018-1715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Maximo Asset Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.0" - }, - { - "version_value" : "7.6.0.1" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.6.2" - }, - { - "version_value" : "7.6.2.1" - }, - { - "version_value" : "7.6.2.2" - }, - { - "version_value" : "7.6.2.3" - }, - { - "version_value" : "7.6.2.4" - }, - { - "version_value" : "7.6.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-08-14T00:00:00", + "ID": "CVE-2018-1715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Maximo Asset Management", + "version": { + "version_data": [ + { + "version_value": "7.6" + }, + { + "version_value": "7.6.0" + }, + { + "version_value": "7.6.0.1" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.6.2" + }, + { + "version_value": "7.6.2.1" + }, + { + "version_value": "7.6.2.2" + }, + { + "version_value": "7.6.2.3" + }, + { + "version_value": "7.6.2.4" + }, + { + "version_value": "7.6.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22017453", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22017453" - }, - { - "name" : "ibm-maximo-cve20181715-xss(147003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-maximo-cve20181715-xss(147003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147003" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22017453", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22017453" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4371.json b/2018/4xxx/CVE-2018-4371.json index 442de84433c..d9d21bd8aa1 100644 --- a/2018/4xxx/CVE-2018-4371.json +++ b/2018/4xxx/CVE-2018-4371.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4371", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4371", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4750.json b/2018/4xxx/CVE-2018-4750.json index 14f585f385c..a6828697d26 100644 --- a/2018/4xxx/CVE-2018-4750.json +++ b/2018/4xxx/CVE-2018-4750.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4750", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4750", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file