From 2aee8b6dfcbf60dc7a41e89ba185b174bc8a5361 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 05:06:58 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2008/0xxx/CVE-2008-0376.json | 150 +++++++-------
2008/0xxx/CVE-2008-0496.json | 170 ++++++++--------
2008/0xxx/CVE-2008-0821.json | 130 ++++++------
2008/0xxx/CVE-2008-0934.json | 130 ++++++------
2008/1xxx/CVE-2008-1178.json | 170 ++++++++--------
2008/1xxx/CVE-2008-1407.json | 150 +++++++-------
2008/1xxx/CVE-2008-1888.json | 150 +++++++-------
2008/3xxx/CVE-2008-3140.json | 270 ++++++++++++-------------
2008/3xxx/CVE-2008-3173.json | 140 ++++++-------
2008/3xxx/CVE-2008-3209.json | 160 +++++++--------
2008/3xxx/CVE-2008-3254.json | 150 +++++++-------
2008/3xxx/CVE-2008-3591.json | 160 +++++++--------
2008/3xxx/CVE-2008-3621.json | 180 ++++++++---------
2008/4xxx/CVE-2008-4087.json | 160 +++++++--------
2008/4xxx/CVE-2008-4244.json | 150 +++++++-------
2008/4xxx/CVE-2008-4440.json | 180 ++++++++---------
2008/4xxx/CVE-2008-4644.json | 160 +++++++--------
2008/4xxx/CVE-2008-4666.json | 150 +++++++-------
2013/2xxx/CVE-2013-2210.json | 150 +++++++-------
2013/2xxx/CVE-2013-2451.json | 310 ++++++++++++++---------------
2013/2xxx/CVE-2013-2804.json | 130 ++++++------
2013/3xxx/CVE-2013-3271.json | 120 +++++------
2013/3xxx/CVE-2013-3474.json | 160 +++++++--------
2013/6xxx/CVE-2013-6669.json | 34 ++--
2013/6xxx/CVE-2013-6873.json | 150 +++++++-------
2013/6xxx/CVE-2013-6944.json | 120 +++++------
2013/7xxx/CVE-2013-7346.json | 130 ++++++------
2013/7xxx/CVE-2013-7451.json | 130 ++++++------
2017/10xxx/CVE-2017-10051.json | 142 ++++++-------
2017/10xxx/CVE-2017-10132.json | 142 ++++++-------
2017/10xxx/CVE-2017-10301.json | 142 ++++++-------
2017/10xxx/CVE-2017-10504.json | 34 ++--
2017/10xxx/CVE-2017-10746.json | 120 +++++------
2017/14xxx/CVE-2017-14270.json | 120 +++++------
2017/14xxx/CVE-2017-14298.json | 120 +++++------
2017/14xxx/CVE-2017-14705.json | 140 ++++++-------
2017/14xxx/CVE-2017-14993.json | 130 ++++++------
2017/17xxx/CVE-2017-17285.json | 120 +++++------
2017/17xxx/CVE-2017-17298.json | 120 +++++------
2017/17xxx/CVE-2017-17792.json | 130 ++++++------
2017/17xxx/CVE-2017-17898.json | 130 ++++++------
2017/9xxx/CVE-2017-9101.json | 130 ++++++------
2017/9xxx/CVE-2017-9247.json | 130 ++++++------
2017/9xxx/CVE-2017-9537.json | 130 ++++++------
2017/9xxx/CVE-2017-9717.json | 132 ++++++------
2018/0xxx/CVE-2018-0154.json | 140 ++++++-------
2018/0xxx/CVE-2018-0631.json | 130 ++++++------
2018/0xxx/CVE-2018-0664.json | 130 ++++++------
2018/0xxx/CVE-2018-0947.json | 142 ++++++-------
2018/1000xxx/CVE-2018-1000218.json | 136 ++++++-------
2018/19xxx/CVE-2018-19057.json | 120 +++++------
2018/19xxx/CVE-2018-19474.json | 34 ++--
2018/1xxx/CVE-2018-1491.json | 34 ++--
2018/1xxx/CVE-2018-1947.json | 220 ++++++++++----------
2018/4xxx/CVE-2018-4101.json | 190 +++++++++---------
2018/4xxx/CVE-2018-4314.json | 34 ++--
2018/4xxx/CVE-2018-4555.json | 34 ++--
2018/4xxx/CVE-2018-4825.json | 34 ++--
58 files changed, 3917 insertions(+), 3917 deletions(-)
diff --git a/2008/0xxx/CVE-2008-0376.json b/2008/0xxx/CVE-2008-0376.json
index 6d1edfcabac..59ef479acbe 100644
--- a/2008/0xxx/CVE-2008-0376.json
+++ b/2008/0xxx/CVE-2008-0376.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4937", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4937" - }, - { - "name" : "27345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27345" - }, - { - "name" : "28568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28568" - }, - { - "name" : "smallaxeweblog-linkbar-file-include(39765)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute 
arbitrary PHP code via a URL in the cfile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28568" + }, + { + "name": "27345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27345" + }, + { + "name": "smallaxeweblog-linkbar-file-include(39765)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39765" + }, + { + "name": "4937", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4937" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0496.json b/2008/0xxx/CVE-2008-0496.json index 1c2a2db900f..2159853e757 100644 --- a/2008/0xxx/CVE-2008-0496.json +++ b/2008/0xxx/CVE-2008-0496.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080129 AmpJuke-0.7.0 (index.php) Xss VuLn.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487258/100/0/threaded" - }, - { - "name" : "27498", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27498" - }, - { - "name" : "ADV-2008-0332", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0332" - }, - { - "name" : "28661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28661" - }, - { - "name" : "3594", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3594" - }, - { - "name" : "juke-index-xss(40023)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40023" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "juke-index-xss(40023)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40023" + }, + { + "name": "ADV-2008-0332", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0332" + }, + { + "name": "20080129 AmpJuke-0.7.0 (index.php) Xss VuLn.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487258/100/0/threaded" + }, + { + "name": "27498", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27498" + }, + { + "name": "28661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28661" + }, + { + "name": "3594", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3594" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0821.json b/2008/0xxx/CVE-2008-0821.json index 272c556d39c..a1381581168 100644 --- a/2008/0xxx/CVE-2008-0821.json +++ b/2008/0xxx/CVE-2008-0821.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5125", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5125" - }, - { - "name" : "27807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27807" + }, + { + "name": "5125", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5125" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0934.json b/2008/0xxx/CVE-2008-0934.json index 9a2aeef9a31..9186d07758b 100644 --- a/2008/0xxx/CVE-2008-0934.json +++ b/2008/0xxx/CVE-2008-0934.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5172", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5172" - }, - { - "name" : "27937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5172", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5172" + }, + { + "name": "27937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27937" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1178.json b/2008/1xxx/CVE-2008-1178.json index 2e82a3d246a..89e3ce91649 100644 --- a/2008/1xxx/CVE-2008-1178.json +++ b/2008/1xxx/CVE-2008-1178.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080229 Centreon <= 1.4.2.3 (index.php) Remote File Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488956/100/0/threaded" - }, - { - "name" : "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html", - "refsource" : "CONFIRM", - "url" : "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html" - }, - { - "name" : "28052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28052" - }, - { - "name" : "29158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29158" - }, - { - "name" : "3715", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3715" - }, - { - "name" : 
"centreon-index-file-include(40950)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080229 Centreon <= 1.4.2.3 (index.php) Remote File Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488956/100/0/threaded" + }, + { + "name": "centreon-index-file-include(40950)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40950" + }, + { + "name": "28052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28052" + }, + { + "name": "29158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29158" + }, + { + "name": "3715", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3715" + }, + { + "name": "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html", + "refsource": "CONFIRM", + "url": "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1407.json b/2008/1xxx/CVE-2008-1407.json index 9cb913eec7f..1bb631bfab4 100644 --- a/2008/1xxx/CVE-2008-1407.json +++ b/2008/1xxx/CVE-2008-1407.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5255", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5255" - }, - { - "name" : "28256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28256" - }, - { - "name" : "29390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29390" - }, - { - "name" : "webchat-index-sql-injection(41213)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the 
roomid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29390" + }, + { + "name": "28256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28256" + }, + { + "name": "5255", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5255" + }, + { + "name": "webchat-index-sql-injection(41213)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41213" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1888.json b/2008/1xxx/CVE-2008-1888.json index 11cce1c5263..169a0b41e45 100644 --- a/2008/1xxx/CVE-2008-1888.json +++ b/2008/1xxx/CVE-2008-1888.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080409 CAU-2008-0002: Microsoft Windows SharePoint Services PictureSource XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490624/100/0/threaded" - }, - { - "name" : "http://www.caughq.org/advisories/CAU-2008-0002.txt", - "refsource" : "MISC", - "url" : "http://www.caughq.org/advisories/CAU-2008-0002.txt" - }, - { - "name" : "28706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28706" - }, - { - "name" : "microsoft-sharepoint-picturesource-xss(41934)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28706" + }, + { + "name": "microsoft-sharepoint-picturesource-xss(41934)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41934" + }, + { + "name": "20080409 CAU-2008-0002: Microsoft Windows SharePoint Services PictureSource XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490624/100/0/threaded" + }, + { + "name": "http://www.caughq.org/advisories/CAU-2008-0002.txt", + "refsource": "MISC", + "url": "http://www.caughq.org/advisories/CAU-2008-0002.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3140.json b/2008/3xxx/CVE-2008-3140.json index 803343992cc..9cd7321c058 100644 --- a/2008/3xxx/CVE-2008-3140.json +++ b/2008/3xxx/CVE-2008-3140.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an \"incomplete SS7 MSU syslog encapsulated packet.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080703 rPSA-2008-0212-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493882/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212" - }, - { - "name" : "FEDORA-2008-6440", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" - }, - { - "name" : "GLSA-200808-04", - "refsource" : 
"GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-04.xml" - }, - { - "name" : "SUSE-SR:2008:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" - }, - { - "name" : "30020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30020" - }, - { - "name" : "oval:org.mitre.oval:def:14700", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14700" - }, - { - "name" : "1020404", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020404" - }, - { - "name" : "30886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30886" - }, - { - "name" : "30942", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30942" - }, - { - "name" : "31085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31085" - }, - { - "name" : "ADV-2008-1982", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1982/references" - }, - { - "name" : "31378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31378" - }, - { - "name" : "31687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31687" - }, - { - "name" : "wireshark-syslog-dos(43518)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an \"incomplete SS7 MSU syslog encapsulated packet.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + 
{ + "name": "30886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30886" + }, + { + "name": "SUSE-SR:2008:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" + }, + { + "name": "30942", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30942" + }, + { + "name": "FEDORA-2008-6440", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" + }, + { + "name": "ADV-2008-1982", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1982/references" + }, + { + "name": "31687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31687" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2008-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2008-03.html" + }, + { + "name": "GLSA-200808-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-04.xml" + }, + { + "name": "20080703 rPSA-2008-0212-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493882/100/0/threaded" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212" + }, + { + "name": "oval:org.mitre.oval:def:14700", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14700" + }, + { + "name": "30020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30020" + }, + { + "name": "31378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31378" + }, + { + "name": "wireshark-syslog-dos(43518)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43518" + }, + { + "name": "1020404", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020404" + }, + { + "name": 
"31085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31085" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3173.json b/2008/3xxx/CVE-2008-3173.json index 5c970fe0828..095e4d34a1c 100644 --- a/2008/3xxx/CVE-2008-3173.json +++ b/2008/3xxx/CVE-2008-3173.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka \"Cross-Site Cooking.\" NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://crisp.tweakblogs.net/blog/ie-and-2-letter-domain-names.html", - "refsource" : "MISC", - "url" : "http://crisp.tweakblogs.net/blog/ie-and-2-letter-domain-names.html" - }, - { - "name" : "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html", - "refsource" : "MISC", - "url" : "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html" - }, - { - "name" : "microsoft-ie-cookie-session-hijacking(43950)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43950" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka \"Cross-Site Cooking.\" NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://crisp.tweakblogs.net/blog/ie-and-2-letter-domain-names.html", + "refsource": "MISC", + "url": "http://crisp.tweakblogs.net/blog/ie-and-2-letter-domain-names.html" + }, + { + "name": "microsoft-ie-cookie-session-hijacking(43950)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43950" + }, + { + "name": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html", + "refsource": "MISC", + "url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3209.json b/2008/3xxx/CVE-2008-3209.json index f40cf7cb781..2d9b38e80c8 100644 --- a/2008/3xxx/CVE-2008-3209.json +++ b/2008/3xxx/CVE-2008-3209.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6083", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6083" - }, - { - "name" : "30243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30243" - }, - { - "name" : "31095", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31095" - }, - { - "name" : "4012", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4012" - }, - { - "name" : "blackice-opengiffile-bo(43830)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43830" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4012", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4012" + }, + { + "name": "6083", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6083" + }, + { + "name": "30243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30243" + }, + { + "name": "31095", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31095" + }, + { + "name": "blackice-opengiffile-bo(43830)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43830" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3254.json b/2008/3xxx/CVE-2008-3254.json index e47542621c8..e8e36a3763d 100644 --- a/2008/3xxx/CVE-2008-3254.json +++ b/2008/3xxx/CVE-2008-3254.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6096", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6096" - }, - { - "name" : "30278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30278" - }, - { - "name" : "31138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31138" - }, - { - "name" : "precms-index-sql-injection(43882)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil 
action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "precms-index-sql-injection(43882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43882" + }, + { + "name": "6096", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6096" + }, + { + "name": "31138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31138" + }, + { + "name": "30278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30278" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3591.json b/2008/3xxx/CVE-2008-3591.json index ff2141118cb..871e012ebf8 100644 --- a/2008/3xxx/CVE-2008-3591.json +++ b/2008/3xxx/CVE-2008-3591.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6177", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6177" - }, - { - "name" : "http://overture21.com/forum/comments.php?DiscussionID=1823", - "refsource" : "CONFIRM", - "url" : "http://overture21.com/forum/comments.php?DiscussionID=1823" - }, - { - "name" : "30477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30477" - }, - { - "name" : "31293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31293" - }, - { - "name" : "4137", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6177", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6177" + }, + { + "name": "4137", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4137" + }, + { + "name": "30477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30477" + }, + { + "name": "31293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31293" + }, + { + "name": "http://overture21.com/forum/comments.php?DiscussionID=1823", + "refsource": "CONFIRM", + "url": "http://overture21.com/forum/comments.php?DiscussionID=1823" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3621.json b/2008/3xxx/CVE-2008-3621.json index 46b78b220cb..f2e8c0851b5 100644 --- a/2008/3xxx/CVE-2008-3621.json +++ b/2008/3xxx/CVE-2008-3621.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "31189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31189" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "1020885", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020885" - }, - { - "name" : "31882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31882" - 
}, - { - "name" : "macos-videoconference-code-execution(45177)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31189" + }, + { + "name": "macos-videoconference-code-execution(45177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45177" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "31882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31882" + }, + { + "name": "1020885", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020885" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4087.json b/2008/4xxx/CVE-2008-4087.json index 75ee5145701..7ef1cb8815c 100644 --- a/2008/4xxx/CVE-2008-4087.json +++ b/2008/4xxx/CVE-2008-4087.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6333", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6333" - }, - { - "name" : "30938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30938" - }, - { - "name" : "31660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31660" - }, - { - "name" : "4259", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4259" - }, - { - "name" : "beatcraft-bcproj-bo(44794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30938" + }, + { + "name": "31660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31660" + }, + { + "name": "6333", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6333" + }, + { + "name": "4259", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4259" + }, + { + "name": "beatcraft-bcproj-bo(44794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44794" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4244.json b/2008/4xxx/CVE-2008-4244.json index 59f4e98118b..c1949e79d65 100644 --- a/2008/4xxx/CVE-2008-4244.json +++ b/2008/4xxx/CVE-2008-4244.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6521", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6521" - }, - { - "name" : "31292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31292" - }, - { - "name" : "4312", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4312" - }, - { - "name" : "rianxosencabos-cookie-security-bypass(45291)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass 
cookies to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rianxosencabos-cookie-security-bypass(45291)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45291" + }, + { + "name": "4312", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4312" + }, + { + "name": "6521", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6521" + }, + { + "name": "31292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31292" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4440.json b/2008/4xxx/CVE-2008-4440.json index 937b17c235b..d74238fc4bd 100644 --- a/2008/4xxx/CVE-2008-4440.json +++ b/2008/4xxx/CVE-2008-4440.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496397", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496397" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/feta", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/feta" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "DSA-1643", - "refsource" : "DEBIAN", - 
"url" : "http://www.debian.org/security/2008/dsa-1643" - }, - { - "name" : "30899", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30899" - }, - { - "name" : "32155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32155" + }, + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/feta", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/feta" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496397", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496397" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "DSA-1643", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1643" + }, + { + "name": "30899", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30899" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4644.json b/2008/4xxx/CVE-2008-4644.json index e5e8b96e9a8..428b89ee8a2 100644 --- a/2008/4xxx/CVE-2008-4644.json 
+++ b/2008/4xxx/CVE-2008-4644.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6759", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6759" - }, - { - "name" : "31772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31772" - }, - { - "name" : "32289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32289" - }, - { - "name" : "4455", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4455" - }, - { - "name" : "mystats-hits-security-bypass(45918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hits.php in myWebland myStats allows remote attackers to 
bypass IP address restrictions via a modified X-Forwarded-For HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4455", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4455" + }, + { + "name": "6759", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6759" + }, + { + "name": "32289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32289" + }, + { + "name": "mystats-hits-security-bypass(45918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45918" + }, + { + "name": "31772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31772" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4666.json b/2008/4xxx/CVE-2008-4666.json index dc4a53a15c8..bb945d84d03 100644 --- a/2008/4xxx/CVE-2008-4666.json +++ b/2008/4xxx/CVE-2008-4666.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 allows remote attackers to execute arbitrary SQL commands via the Category parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6576", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6576" - }, - { - "name" : "31424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31424" - }, - { - "name" : "4467", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4467" - }, - { - "name" : "ultimatewebboard-webboard-sql-injection(45469)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 allows remote attackers to execute arbitrary SQL commands via 
the Category parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4467", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4467" + }, + { + "name": "31424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31424" + }, + { + "name": "6576", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6576" + }, + { + "name": "ultimatewebboard-webboard-sql-injection(45469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45469" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2210.json b/2013/2xxx/CVE-2013-2210.json index f20b667e4b4..5fe2a4b2a60 100644 --- a/2013/2xxx/CVE-2013-2210.json +++ b/2013/2xxx/CVE-2013-2210.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130626 CVE-2013-2210", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0216.html" - }, - { - "name" : "http://santuario.apache.org/secadv.data/CVE-2013-2210.txt", - "refsource" : "CONFIRM", - "url" : "http://santuario.apache.org/secadv.data/CVE-2013-2210.txt" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-15", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-15" - }, - { - "name" : "DSA-2717", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2013/dsa-2717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130626 CVE-2013-2210", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0216.html" + }, + { + "name": "http://santuario.apache.org/secadv.data/CVE-2013-2210.txt", + "refsource": "CONFIRM", + "url": "http://santuario.apache.org/secadv.data/CVE-2013-2210.txt" + }, + { + "name": "https://www.tenable.com/security/tns-2018-15", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-15" + }, + { + "name": "DSA-2717", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2717" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2451.json b/2013/2xxx/CVE-2013-2451.json index abc2b624a3b..32cc7908e16 100644 --- a/2013/2xxx/CVE-2013-2451.json +++ b/2013/2xxx/CVE-2013-2451.json 
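Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it is the only value that differs between the old and new record; the commit message ("-Synchronized-Data.") does not mention it, and the respacing of every line hides it in a text diff. Because this field identifies the assigning organisation, such a change deserves its own commit or at least a message line such as `Update ASSIGNER to the owning CNA for CVE-2013-2210`. The hunks for CVE-2013-2451 (`secalert_us@oracle.com`), CVE-2013-2804 (`ics-cert@hq.dhs.gov`), CVE-2013-3271 (`security_alert@emc.com`) and CVE-2013-3474 (`psirt@cisco.com`) make the same kind of change. Separately, `affects` still carries `"product_name": "n/a"` and `"vendor_name": "n/a"` although the description names the product and the fixed version, so tooling that matches on `affects` rather than on the free-text description will not find this record.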
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/8dd8266a2f4b", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/8dd8266a2f4b" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=975146", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=975146" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02908", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" - }, - { - "name" : "RHSA-2013:0963", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" - }, - { - "name" : "RHSA-2013:1060", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2013:1059", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" - }, - { - "name" : "SUSE-SU-2013:1257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "60625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60625" - }, - { - "name" : "oval:org.mitre.oval:def:17265", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17265" - }, - { - "name" : "oval:org.mitre.oval:def:19535", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19535" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60625" + }, + { + "name": "RHSA-2013:1060", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" + }, + { + "name": "HPSBUX02908", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=975146", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=975146" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "SUSE-SU-2013:1257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "oval:org.mitre.oval:def:17265", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17265" + }, + { + "name": "RHSA-2013:1059", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2013-1059.html" + }, + { + "name": "oval:org.mitre.oval:def:19535", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19535" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/8dd8266a2f4b", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/8dd8266a2f4b" + }, + { + "name": "RHSA-2013:0963", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" + }, + { + "name": "SUSE-SU-2013:1255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" + }, + { + "name": "SUSE-SU-2013:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2804.json b/2013/2xxx/CVE-2013-2804.json index 51b206933bc..d97e8f7cb2e 100644 --- a/2013/2xxx/CVE-2013-2804.json +++ b/2013/2xxx/CVE-2013-2804.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-2804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02" - }, - { - "name" : "http://support.softwaretoolbox.com/app/answers/detail/a_id/3014", - "refsource" : "CONFIRM", - "url" : "http://support.softwaretoolbox.com/app/answers/detail/a_id/3014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 
allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.softwaretoolbox.com/app/answers/detail/a_id/3014", + "refsource": "CONFIRM", + "url": "http://support.softwaretoolbox.com/app/answers/detail/a_id/3014" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3271.json b/2013/3xxx/CVE-2013-3271.json index 6b8de52f558..429c31a4190 100644 --- a/2013/3xxx/CVE-2013-3271.json +++ b/2013/3xxx/CVE-2013-3271.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-3271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130820 ESA-2013-047: RSA Authentication Agent for PAM Unlimited Login Attempts Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-08/0123.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login 
credentials via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130820 ESA-2013-047: RSA Authentication Agent for PAM Unlimited Login Attempts Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0123.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3474.json b/2013/3xxx/CVE-2013-3474.json index 4ec3e8f8076..ca4d398c3ae 100644 --- a/2013/3xxx/CVE-2013-3474.json +++ b/2013/3xxx/CVE-2013-3474.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130830 Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474" - }, - { - "name" : "62084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62084" - }, - { - "name" : "96763", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96763" - }, - { - "name" : "1028970", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1028970" - }, - { - "name" : "cisco-wlc-cve20133474-dos(86811)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-wlc-cve20133474-dos(86811)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86811" + }, + { + "name": "20130830 Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474" + }, + { + "name": "1028970", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028970" + }, + { + "name": "96763", + "refsource": "OSVDB", + "url": "http://osvdb.org/96763" + }, + { + "name": "62084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62084" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6669.json b/2013/6xxx/CVE-2013-6669.json index 64fb3859ace..c0f7bdafc14 100644 --- a/2013/6xxx/CVE-2013-6669.json +++ b/2013/6xxx/CVE-2013-6669.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6669", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6669", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6873.json b/2013/6xxx/CVE-2013-6873.json index ab4e2055e95..39c2ebacaa1 100644 --- a/2013/6xxx/CVE-2013-6873.json +++ b/2013/6xxx/CVE-2013-6873.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124035/testa-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124035/testa-sql.txt" - }, - { - "name" : "99992", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99992" - }, - { - "name" : "55752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55752" - }, - { - "name" : "testa-testid-sql-injection(89082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows 
remote attackers to execute arbitrary SQL commands via the test_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55752" + }, + { + "name": "http://packetstormsecurity.com/files/124035/testa-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124035/testa-sql.txt" + }, + { + "name": "testa-testid-sql-injection(89082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89082" + }, + { + "name": "99992", + "refsource": "OSVDB", + "url": "http://osvdb.org/99992" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6944.json b/2013/6xxx/CVE-2013-6944.json index 81b8d99eab5..33abd3f3819 100644 --- a/2013/6xxx/CVE-2013-6944.json +++ b/2013/6xxx/CVE-2013-6944.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX139049", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX139049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.citrix.com/article/CTX139049", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX139049" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7346.json b/2013/7xxx/CVE-2013-7346.json index 5ce579fdd2b..3c73fcaa842 100644 --- a/2013/7xxx/CVE-2013-7346.json +++ b/2013/7xxx/CVE-2013-7346.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130403 SQL Injection Vulnerability in Symphony", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0018.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23148", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection 
attacks via the sort parameter to system/authors/, related to CVE-2013-2559." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130403 SQL Injection Vulnerability in Symphony", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0018.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23148", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23148" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7451.json b/2013/7xxx/CVE-2013-7451.json index d835e2247fa..85d3fa1f8c0 100644 --- a/2013/7xxx/CVE-2013-7451.json +++ b/2013/7xxx/CVE-2013-7451.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160420 various vulnerabilities in Node.js packages", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/20/11" - }, - { - "name" : "https://nodesecurity.io/advisories/41", - "refsource" : "CONFIRM", - "url" : "https://nodesecurity.io/advisories/41" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/41", + "refsource": "CONFIRM", + "url": "https://nodesecurity.io/advisories/41" + }, + { + "name": "[oss-security] 20160420 various vulnerabilities in Node.js packages", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/20/11" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10051.json b/2017/10xxx/CVE-2017-10051.json index 71137172f8d..f5eeec555ac 100644 --- a/2017/10xxx/CVE-2017-10051.json +++ b/2017/10xxx/CVE-2017-10051.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101377" - }, - { - "name" : "1039602", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Outside In Technology executes to compromise Oracle Outside In Technology. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039602", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039602" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101377" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10132.json b/2017/10xxx/CVE-2017-10132.json index 1604bd9afd6..d0216c4a8d0 100644 --- a/2017/10xxx/CVE-2017-10132.json +++ b/2017/10xxx/CVE-2017-10132.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Hotel Mobile", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "1.05" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/iOS). The supported version that is affected is 1.05. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality Hotel Mobile accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality Hotel Mobile accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Hotel Mobile", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.05" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99769" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/iOS). The supported version that is affected is 1.05. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality Hotel Mobile accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Hotel Mobile. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality Hotel Mobile accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99769" + }, + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10301.json b/2017/10xxx/CVE-2017-10301.json index 13438612445..308335ed94f 100644 --- a/2017/10xxx/CVE-2017-10301.json +++ b/2017/10xxx/CVE-2017-10301.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.1.00" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.1.00" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102599" - }, - { - "name" : "1040204", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040204", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040204" + }, + { + "name": "102599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102599" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10504.json b/2017/10xxx/CVE-2017-10504.json index 91bd7409055..7ad98529a1a 100644 --- a/2017/10xxx/CVE-2017-10504.json +++ b/2017/10xxx/CVE-2017-10504.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10504",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10504",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10746.json b/2017/10xxx/CVE-2017-10746.json
index 97c6b1c5861..cefafb13f7c 100644
--- a/2017/10xxx/CVE-2017-10746.json
+++ b/2017/10xxx/CVE-2017-10746.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10746",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10746",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746",
- "refsource" : "MISC",
- "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746",
+ "refsource": "MISC",
+ "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14270.json b/2017/14xxx/CVE-2017-14270.json
index 065c17ffbb1..094cf96d447 100644
--- a/2017/14xxx/CVE-2017-14270.json
+++ b/2017/14xxx/CVE-2017-14270.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + 
"lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14298.json b/2017/14xxx/CVE-2017-14298.json index ba592dd637c..cc4737c6f3c 100644 --- a/2017/14xxx/CVE-2017-14298.json +++ b/2017/14xxx/CVE-2017-14298.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14298", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8.\"" + } + ] + }, + "problemtype": { + "problemtype_data": 
[ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14298", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14298" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14705.json b/2017/14xxx/CVE-2017-14705.json index 502a80e39a6..9911609601a 100644 --- a/2017/14xxx/CVE-2017-14705.json +++ b/2017/14xxx/CVE-2017-14705.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rapid7/metasploit-framework/pull/8980", - "refsource" : "MISC", - "url" : "https://github.com/rapid7/metasploit-framework/pull/8980" - }, - { - "name" : "https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/", - "refsource" : "MISC", - "url" : "https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/" - }, - { - "name" : "https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/", - "refsource" : "MISC", - "url" : "https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rapid7/metasploit-framework/pull/8980", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/pull/8980" + }, + { + "name": "https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/", + "refsource": "MISC", + "url": "https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/" + }, + { + "name": "https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/", + "refsource": "MISC", + "url": "https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14993.json b/2017/14xxx/CVE-2017-14993.json index 60ba25ab0f9..f7c578cf50f 100644 --- a/2017/14xxx/CVE-2017-14993.json +++ b/2017/14xxx/CVE-2017-14993.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka \"forced browsing\") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.oxid-esales.com/view.php?id=6678", - "refsource" : "CONFIRM", - "url" : "https://bugs.oxid-esales.com/view.php?id=6678" - }, - { - "name" : "https://oxidforge.org/en/security-bulletin-2017-002.html", - "refsource" : "CONFIRM", - "url" : "https://oxidforge.org/en/security-bulletin-2017-002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka \"forced browsing\") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.oxid-esales.com/view.php?id=6678", + "refsource": "CONFIRM", + "url": "https://bugs.oxid-esales.com/view.php?id=6678" + }, + { + "name": "https://oxidforge.org/en/security-bulletin-2017-002.html", + "refsource": "CONFIRM", + "url": "https://oxidforge.org/en/security-bulletin-2017-002.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17285.json b/2017/17xxx/CVE-2017-17285.json index 996aebec02b..ccb942fb01f 100644 --- a/2017/17xxx/CVE-2017-17285.json +++ b/2017/17xxx/CVE-2017-17285.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LON-AL00B", - "version" : { - "version_data" : [ - { - "version_value" : "LON-AL00BC00B229 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bluetooth module in some Huawei mobile phones with software LON-AL00BC00B229 and earlier versions has a buffer overflow vulnerability. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth AVDTP/AVCTP messages after successful paring, causing buffer overflow. Successful exploit may cause code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LON-AL00B", + "version": { + "version_data": [ + { + "version_value": "LON-AL00BC00B229 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180129-01-bluetooth-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180129-01-bluetooth-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bluetooth module in some Huawei mobile phones with software LON-AL00BC00B229 and earlier versions has a buffer overflow vulnerability. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth AVDTP/AVCTP messages after successful paring, causing buffer overflow. Successful exploit may cause code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180129-01-bluetooth-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180129-01-bluetooth-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17298.json b/2017/17xxx/CVE-2017-17298.json index fa98b267b2a..fbc51cbb9ac 100644 --- a/2017/17xxx/CVE-2017-17298.json +++ b/2017/17xxx/CVE-2017-17298.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,DP300,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206,ViewPoint9030", - "version" : { - "version_data" : [ - { - "version_value" : "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, 
V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, ViewPoint 9030 V100R011C02, V100R011C03" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 
V100R002C00, TP3206 V100R002C00, V100R002C10, ViewPoint 9030 V100R011C02, V100R011C03 have a buffer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted certificates to the affected products. Due to insufficient validation of the certificates, successful exploit may cause buffer overflow and some service abnormal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,DP300,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206,ViewPoint9030", + "version": { + "version_data": [ + { + "version_value": "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, 
V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, ViewPoint 9030 V100R011C02, V100R011C03" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-overflow-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-overflow-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, 
V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, ViewPoint 9030 V100R011C02, V100R011C03 have a buffer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted certificates to the affected products. Due to insufficient validation of the certificates, successful exploit may cause buffer overflow and some service abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-overflow-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-overflow-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17792.json b/2017/17xxx/CVE-2017-17792.json index 430414a2673..efbaf5a4bf3 100644 --- a/2017/17xxx/CVE-2017-17792.json +++ b/2017/17xxx/CVE-2017-17792.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlogoText/blogotext/commit/7c6f74e43008b2397160775696c67acbab87911d", - "refsource" : "CONFIRM", - "url" : "https://github.com/BlogoText/blogotext/commit/7c6f74e43008b2397160775696c67acbab87911d" - }, - { - "name" : "https://github.com/BlogoText/blogotext/issues/345", - "refsource" : "CONFIRM", - "url" : "https://github.com/BlogoText/blogotext/issues/345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlogoText/blogotext/issues/345", + "refsource": "CONFIRM", + "url": "https://github.com/BlogoText/blogotext/issues/345" + }, + { + "name": "https://github.com/BlogoText/blogotext/commit/7c6f74e43008b2397160775696c67acbab87911d", + "refsource": "CONFIRM", + "url": "https://github.com/BlogoText/blogotext/commit/7c6f74e43008b2397160775696c67acbab87911d" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17898.json b/2017/17xxx/CVE-2017-17898.json index 563cf8d6881..bfc0b0f1d3d 100644 --- a/2017/17xxx/CVE-2017-17898.json +++ b/2017/17xxx/CVE-2017-17898.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c" - }, - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c" + }, + { + "name": "https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9101.json b/2017/9xxx/CVE-2017-9101.json index 9ef6ae23b44..2881590b5df 100644 --- a/2017/9xxx/CVE-2017-9101.json +++ b/2017/9xxx/CVE-2017-9101.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42044", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42044/" - }, - { - "name" : "44598", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44598/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44598", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44598/" + }, + { + "name": "42044", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42044/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9247.json b/2017/9xxx/CVE-2017-9247.json index bdf5d04472b..dd5efc27d7b 100644 --- a/2017/9xxx/CVE-2017-9247.json +++ b/2017/9xxx/CVE-2017-9247.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.lenovo.com/us/en/product_security/LEN-12739", - "refsource" : "CONFIRM", - "url" : "http://support.lenovo.com/us/en/product_security/LEN-12739" - }, - { - "name" : "https://source.sierrawireless.com/resources/airprime/software/cve-2017-9247-unquoted-service-path-vulnerabilities/", - "refsource" : "CONFIRM", - "url" : "https://source.sierrawireless.com/resources/airprime/software/cve-2017-9247-unquoted-service-path-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package 
(MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.sierrawireless.com/resources/airprime/software/cve-2017-9247-unquoted-service-path-vulnerabilities/", + "refsource": "CONFIRM", + "url": "https://source.sierrawireless.com/resources/airprime/software/cve-2017-9247-unquoted-service-path-vulnerabilities/" + }, + { + "name": "http://support.lenovo.com/us/en/product_security/LEN-12739", + "refsource": "CONFIRM", + "url": "http://support.lenovo.com/us/en/product_security/LEN-12739" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9537.json b/2017/9xxx/CVE-2017-9537.json index f3f4319ab91..30f73f3ea2e 100644 --- a/2017/9xxx/CVE-2017-9537.json +++ b/2017/9xxx/CVE-2017-9537.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170929 [CVE-2017-9537] Persistent Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541262/100/0/threaded" - }, - { - "name" : "101071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170929 [CVE-2017-9537] Persistent Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541262/100/0/threaded" + }, + { + "name": "101071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101071" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9717.json b/2017/9xxx/CVE-2017-9717.json index 27463003893..c94ffdaff20 100644 --- a/2017/9xxx/CVE-2017-9717.json +++ b/2017/9xxx/CVE-2017-9717.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-9717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-9717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" - }, - { - "name" : "101160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" + }, + { + "name": "101160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101160" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0154.json b/2018/0xxx/CVE-2018-0154.json index 5942e25be18..6acbc7ad334 100644 --- a/2018/0xxx/CVE-2018-0154.json +++ b/2018/0xxx/CVE-2018-0154.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos" - }, - { - "name" : "103559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103559" - }, - { - "name" : "1040585", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103559" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos" + }, + { + "name": "1040585", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040585" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0631.json b/2018/0xxx/CVE-2018-0631.json index f42780d32b2..bc9aeb8a3e0 100644 --- a/2018/0xxx/CVE-2018-0631.json +++ b/2018/0xxx/CVE-2018-0631.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Aterm W300P", - "version" : { - "version_data" : [ - { - "version_value" : "Ver1.0.13 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "NEC Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm W300P", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.13 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html", - "refsource" : "MISC", - "url" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html" - }, - { - "name" : "JVN#26629618", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN26629618/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html", + "refsource": "MISC", + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "name": "JVN#26629618", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN26629618/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0664.json b/2018/0xxx/CVE-2018-0664.json index acf56b6fcfc..4099cd7d102 100644 --- a/2018/0xxx/CVE-2018-0664.json +++ b/2018/0xxx/CVE-2018-0664.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NoMachine App for Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.63 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "NoMachine S.a r.l." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "External Control of Critical State Data" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NoMachine App for Android", + "version": { + "version_data": [ + { + "version_value": "5.0.63 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NoMachine S.a r.l." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.nomachine.com/TR06P08619", - "refsource" : "CONFIRM", - "url" : "https://www.nomachine.com/TR06P08619" - }, - { - "name" : "JVN#14451678", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN14451678/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "External Control of Critical State Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.nomachine.com/TR06P08619", + "refsource": "CONFIRM", + "url": "https://www.nomachine.com/TR06P08619" + }, + { + "name": "JVN#14451678", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN14451678/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0947.json b/2018/0xxx/CVE-2018-0947.json index b0fdd3c21ad..c59ade8233e 100644 --- a/2018/0xxx/CVE-2018-0947.json +++ b/2018/0xxx/CVE-2018-0947.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0947", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0947" - }, - { - "name" : "103306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103306" - }, - { - "name" : "1040513", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0947", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0947" + }, + { + "name": "103306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103306" + }, + { + "name": "1040513", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040513" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000218.json b/2018/1000xxx/CVE-2018-1000218.json index 6562555fa07..b1900a71222 100644 --- a/2018/1000xxx/CVE-2018-1000218.json +++ b/2018/1000xxx/CVE-2018-1000218.json 
@@ -1,70 +1,70 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "kurt@seifried.org",
- "DATE_ASSIGNED" : "2018-08-02T16:41:53.508649",
- "DATE_REQUESTED" : "2018-07-24T16:22:06",
- "ID" : "CVE-2018-1000218",
- "REQUESTER" : "iremembermodems@gmail.com",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "OpenEMR",
- "version" : {
- "version_data" : [
- {
- "version_value" : "v5_0_1_4"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "OpenEMR"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via The victim must visit on a specially crafted URL.."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Cross Site Scripting (XSS)"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "DATE_ASSIGNED": "2018-08-02T16:41:53.508649",
+ "DATE_REQUESTED": "2018-07-24T16:22:06",
+ "ID": "CVE-2018-1000218",
+ "REQUESTER": "iremembermodems@gmail.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/openemr/openemr/blob/1b495b0b3cd16daf1e5f085145d9e19dea479c7f/interface/fax/fax_view.php#L43",
- "refsource" : "MISC",
- "url" : "https://github.com/openemr/openemr/blob/1b495b0b3cd16daf1e5f085145d9e19dea479c7f/interface/fax/fax_view.php#L43"
- },
- {
- "name" : "https://github.com/openemr/openemr/issues/1781",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/openemr/openemr/issues/1781"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via The victim must visit on a specially crafted URL.."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/openemr/openemr/issues/1781",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/openemr/openemr/issues/1781"
+ },
+ {
+ "name": "https://github.com/openemr/openemr/blob/1b495b0b3cd16daf1e5f085145d9e19dea479c7f/interface/fax/fax_view.php#L43",
+ "refsource": "MISC",
+ "url": "https://github.com/openemr/openemr/blob/1b495b0b3cd16daf1e5f085145d9e19dea479c7f/interface/fax/fax_view.php#L43"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19057.json b/2018/19xxx/CVE-2018-19057.json
index 8c8c0dbc0b7..5728fba6766 100644
--- a/2018/19xxx/CVE-2018-19057.json
+++ b/2018/19xxx/CVE-2018-19057.json
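Review bot: The new side of the CVE-2018-1000218 hunk drops structured data rather than only reformatting it: `"product_name"`, `"version_value"` and `"vendor_name"` go from `OpenEMR` / `v5_0_1_4` to `"n/a"`, and the problemtype value goes from `"Cross Site Scripting (XSS)"` to `"n/a"`, while the description still names OpenEMR v5_0_1_4 and XSS. Tooling that matches advisories on the `affects` or `problemtype` fields instead of the free text would no longer associate this record with OpenEMR. If the sync was meant to normalise whitespace and reference order only, the new side should keep `"product_name": "OpenEMR"`, `"version_value": "v5_0_1_4"` and `"value": "Cross Site Scripting (XSS)"`. If the blanking is intended, the commit message should say so, together with the `ASSIGNER` change from `kurt@seifried.org` to `cve@mitre.org` in the same hunk.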
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sparksuite/simplemde-markdown-editor/issues/721", - "refsource" : "MISC", - "url" : "https://github.com/sparksuite/simplemde-markdown-editor/issues/721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sparksuite/simplemde-markdown-editor/issues/721", + "refsource": "MISC", + "url": "https://github.com/sparksuite/simplemde-markdown-editor/issues/721" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19474.json b/2018/19xxx/CVE-2018-19474.json index b28341cf10e..083e4df1b9b 100644 --- a/2018/19xxx/CVE-2018-19474.json +++ b/2018/19xxx/CVE-2018-19474.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19474", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19474", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1491.json b/2018/1xxx/CVE-2018-1491.json index 1f361b59aa8..0d802bc7334 100644 --- a/2018/1xxx/CVE-2018-1491.json +++ b/2018/1xxx/CVE-2018-1491.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1491",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-1491",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1947.json b/2018/1xxx/CVE-2018-1947.json
index 69281564af6..ac33f82b355 100644
--- a/2018/1xxx/CVE-2018-1947.json
+++ b/2018/1xxx/CVE-2018-1947.json
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-02-18T00:00:00", - "ID" : "CVE-2018-1947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Identity Governance and Intelligence", - "version" : { - "version_data" : [ - { - "version_value" : "5.2" - }, - { - "version_value" : "5.2.1" - }, - { - "version_value" : "5.2.2" - }, - { - "version_value" : "5.2.2.1" - }, - { - "version_value" : "5.2.3" - }, - { - "version_value" : "5.2.3.1" - }, - { - "version_value" : "5.2.3.2" - }, - { - "version_value" : "5.2.4" - }, - { - "version_value" : "5.2.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "N", - "S" : "C", - "SCORE" : "6.100", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-02-18T00:00:00", + "ID": "CVE-2018-1947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Identity Governance and Intelligence", + "version": { + "version_data": [ + { + "version_value": "5.2" + }, + { + "version_value": "5.2.1" + }, + { + "version_value": "5.2.2" + }, + { + "version_value": "5.2.2.1" + }, + { + "version_value": "5.2.3" + }, + { + "version_value": "5.2.3.1" + }, + { + "version_value": "5.2.3.2" + }, + { + "version_value": "5.2.4" + }, + { + "version_value": "5.2.4.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142" - }, - { - "name" : "ibm-sig-cve20181947-xss(153427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "N", + "S": "C", + "SCORE": "6.100", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sig-cve20181947-xss(153427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153427" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10872142", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872142" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4101.json b/2018/4xxx/CVE-2018-4101.json index 3efff773aed..f70f7ef8c33 100644 --- a/2018/4xxx/CVE-2018-4101.json +++ b/2018/4xxx/CVE-2018-4101.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208693", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208693" - }, - { - "name" : "https://support.apple.com/HT208694", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208694" - }, - { - "name" : "https://support.apple.com/HT208695", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208695" - }, - { - "name" : "https://support.apple.com/HT208697", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/HT208697" - }, - { - "name" : "https://support.apple.com/HT208698", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208698" - }, - { - "name" : "GLSA-201808-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-04" - }, - { - "name" : "USN-3635-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3635-1/" - }, - { - "name" : "1040604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040604" + }, + { + "name": "https://support.apple.com/HT208698", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208698" + }, + { + "name": "GLSA-201808-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-04" + }, + { + "name": "https://support.apple.com/HT208693", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208693" + }, + { + "name": "https://support.apple.com/HT208694", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208694" + }, + { + "name": "https://support.apple.com/HT208697", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208697" + }, + { + "name": "USN-3635-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3635-1/" + }, + { + "name": "https://support.apple.com/HT208695", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208695" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4314.json b/2018/4xxx/CVE-2018-4314.json index 780e4b19ddf..be329779c9e 100644 --- a/2018/4xxx/CVE-2018-4314.json +++ b/2018/4xxx/CVE-2018-4314.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4314",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4314",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4555.json b/2018/4xxx/CVE-2018-4555.json
index 2760f77b107..6e63296d1e1 100644
--- a/2018/4xxx/CVE-2018-4555.json
+++ b/2018/4xxx/CVE-2018-4555.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4555",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4555",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4825.json b/2018/4xxx/CVE-2018-4825.json
index 097e859b2ea..3876dd1e3e2 100644
--- a/2018/4xxx/CVE-2018-4825.json
+++ b/2018/4xxx/CVE-2018-4825.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4825",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4825",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file