diff --git a/2004/0xxx/CVE-2004-0468.json b/2004/0xxx/CVE-2004-0468.json index cdfbd760ad3..b8866c2cddd 100644 --- a/2004/0xxx/CVE-2004-0468.json +++ b/2004/0xxx/CVE-2004-0468.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#658859", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/658859" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/JSHA-6253CC", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/JSHA-6253CC" - }, - { - "name" : "http://www.jpcert.or.jp/at/2004/at040009.txt", - "refsource" : "MISC", - "url" : "http://www.jpcert.or.jp/at/2004/at040009.txt" - }, - { - "name" : "juniper-ipv6-dos(16548)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Juniper JUNOS Packet Forwarding 
Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.jpcert.or.jp/at/2004/at040009.txt", + "refsource": "MISC", + "url": "http://www.jpcert.or.jp/at/2004/at040009.txt" + }, + { + "name": "VU#658859", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/658859" + }, + { + "name": "juniper-ipv6-dos(16548)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16548" + }, + { + "name": "http://www.kb.cert.org/vuls/id/JSHA-6253CC", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/JSHA-6253CC" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1386.json b/2004/1xxx/CVE-2004-1386.json index a04a96458dd..d376fab5c6b 100644 --- a/2004/1xxx/CVE-2004-1386.json +++ b/2004/1xxx/CVE-2004-1386.json 
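Review bot: The new side of CVE-2004-0468.json ends without a trailing newline (`\ No newline at end of file` follows the closing `}`), and its four `reference_data` entries come back in a different order although their content is unchanged. Mixing a reorder into what otherwise reads as a whitespace-only normalization (`"ID" : ` becoming `"ID": `) makes it hard to confirm from the diff that no reference was dropped or altered, which matters to consumers that diff these records to track advisory changes. If the order comes from the tool that rewrote the files (presumably it does not preserve array order), emitting the entries in a stable order, for example sorted by `refsource` then `name`, and ending each file with a newline would keep later diffs limited to real changes. The same pattern shows in the CVE-2004-1386, CVE-2004-1589, CVE-2004-1995, CVE-2008-2157, CVE-2008-2290 and CVE-2008-2761 hunks.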
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tikiwiki.org/tiki-read_article.php?articleId=97", - "refsource" : "CONFIRM", - "url" : "http://tikiwiki.org/tiki-read_article.php?articleId=97" - }, - { - "name" : "GLSA-200501-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-12.xml" - }, - { - "name" : "P-084", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-084.shtml" - }, - { - "name" : "12110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12110" - }, - { - "name" : "12628", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12628" - }, - { - "name" : "1012700", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012700" - }, - { - "name" : 
"tikiwiki-image-command-execution(18691)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12110" + }, + { + "name": "http://tikiwiki.org/tiki-read_article.php?articleId=97", + "refsource": "CONFIRM", + "url": "http://tikiwiki.org/tiki-read_article.php?articleId=97" + }, + { + "name": "tikiwiki-image-command-execution(18691)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18691" + }, + { + "name": "GLSA-200501-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-12.xml" + }, + { + "name": "P-084", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-084.shtml" + }, + { + "name": "1012700", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012700" + }, + { + "name": "12628", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12628" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1589.json b/2004/1xxx/CVE-2004-1589.json index 266a48f026a..11b0dff392f 100644 --- a/2004/1xxx/CVE-2004-1589.json +++ b/2004/1xxx/CVE-2004-1589.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041011 [MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109751522823011&w=2" - }, - { - "name" : "11361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11361" - }, - { - "name" : "12790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12790/" - }, - { - "name" : "gosmart-forum-mainmessageid-xss(17679)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gosmart-forum-mainmessageid-xss(17679)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17679" + }, + { + "name": "20041011 [MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109751522823011&w=2" + }, + { + "name": "11361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11361" + }, + { + "name": "12790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12790/" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1995.json b/2004/1xxx/CVE-2004-1995.json index 2eec657b6a2..c1f0c0b9650 100644 --- a/2004/1xxx/CVE-2004-1995.json +++ b/2004/1xxx/CVE-2004-1995.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040505 Fuse Talk Vunerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108377423825478&w=2" - }, - { - "name" : "10276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10276" - }, - { - "name" : "5895", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5895" - }, - { - "name" : "1010080", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010080" - }, - { - "name" : "11555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11555" - }, - { - "name" : "fusetalk-get-add-users(16080)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040505 Fuse Talk Vunerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108377423825478&w=2" + }, + { + "name": "1010080", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010080" + }, + { + "name": "10276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10276" + }, + { + "name": "fusetalk-get-add-users(16080)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16080" + }, + { + "name": "5895", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5895" + }, + { + "name": "11555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11555" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2157.json b/2008/2xxx/CVE-2008-2157.json index c622580f634..f8c38149d70 100644 --- a/2008/2xxx/CVE-2008-2157.json +++ b/2008/2xxx/CVE-2008-2157.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080527 EMC AlphaStor Library Manager Arbitrary Command Execution Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703" - }, - { - "name" : "ADV-2008-1670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1670" - }, - { - "name" : "1020116", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020116" - }, - { - "name" : "30410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30410" - }, - { - "name" : "alphastor-librarymanager-code-execution(42671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42671" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080527 EMC AlphaStor Library Manager Arbitrary Command Execution Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703" + }, + { + "name": "30410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30410" + }, + { + "name": "1020116", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020116" + }, + { + "name": "ADV-2008-1670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1670" + }, + { + "name": "alphastor-librarymanager-code-execution(42671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42671" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2290.json b/2008/2xxx/CVE-2008-2290.json index 78c2aa9c20d..d7be2d928eb 100644 --- a/2008/2xxx/CVE-2008-2290.json +++ b/2008/2xxx/CVE-2008-2290.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html" - }, - { - "name" : "HPSBMA02369", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122167472229965&w=2" - }, - { - "name" : "SSRT080115", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122167472229965&w=2" - }, - { - "name" : "29194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29194" - }, - { - "name" : "1020024", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020024" - }, - { - "name" : "ADV-2008-1542", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/1542/references" - }, - { - "name" : "30261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30261" - }, - { - "name" : "symantec-altiris-interface-priv-escalation(42438)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1542", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1542/references" + }, + { + "name": "SSRT080115", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122167472229965&w=2" + }, + { + "name": "29194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29194" + }, + { + "name": "HPSBMA02369", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122167472229965&w=2" + }, + { + "name": "symantec-altiris-interface-priv-escalation(42438)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42438" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html" + }, + { + "name": "1020024", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020024" + }, + { + "name": "30261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30261" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/2xxx/CVE-2008-2761.json b/2008/2xxx/CVE-2008-2761.json index 572473b18ce..4814ddddf4c 100644 --- a/2008/2xxx/CVE-2008-2761.json +++ b/2008/2xxx/CVE-2008-2761.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 Xigla Multiple Products - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=121322052622903&w=2" - }, - { - "name" : "http://bugreport.ir/index.php?/41", - "refsource" : "MISC", - "url" : "http://bugreport.ir/index.php?/41" - }, - { - "name" : "29672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29672" - }, - { - "name" : "30641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30641" - }, - { - "name" : "3950", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/3950" - }, - { - "name" : "absolutebanner-searchbanners-xss(43045)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30641" + }, + { + "name": "http://bugreport.ir/index.php?/41", + "refsource": "MISC", + "url": "http://bugreport.ir/index.php?/41" + }, + { + "name": "29672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29672" + }, + { + "name": "absolutebanner-searchbanners-xss(43045)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43045" + }, + { + "name": "20080611 Xigla Multiple Products - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=121322052622903&w=2" + }, + { + "name": "3950", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3950" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3106.json b/2008/3xxx/CVE-2008-3106.json index d057c75a2c5..2a0e1d7b8cc 100644 --- a/2008/3xxx/CVE-2008-3106.json +++ b/2008/3xxx/CVE-2008-3106.json 
@@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=122331139823057&w=2" - }, - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497041/100/0/threaded" - }, - { - "name" : "http://support.apple.com/kb/HT3179", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3179" - }, - { - "name" : 
"http://www.vmware.com/security/advisories/VMSA-2008-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=751014", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=751014" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=756717", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=756717" - }, - { - "name" : "APPLE-SA-2008-09-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "RHSA-2008:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0594.html" - }, - { - "name" : "RHSA-2008:0790", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0790.html" - }, - { - "name" : "RHSA-2008:1044", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1044.html" - }, - { - "name" : 
"RHSA-2008:1045", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1045.html" - }, - { - "name" : "RHSA-2008:0906", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0906.html" - }, - { - "name" : "238628", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1" - }, - { - "name" : "SUSE-SA:2008:042", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" - }, - { - "name" : "SUSE-SA:2008:043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" - }, - { - "name" : "SUSE-SA:2008:045", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" - }, - { - "name" : "TA08-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" - }, - { - "name" : "30143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30143" - }, - { - "name" : "oval:org.mitre.oval:def:10866", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10866" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "31736", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31736" - }, - { - "name" : "ADV-2008-2056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2056/references" - }, - { - "name" : "ADV-2008-2740", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2740" - }, - { - "name" : "1020457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020457" - }, - { - "name" : "31010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31010" - }, - { - "name" : "31320", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/31320" - }, - { - "name" : "31497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31497" - }, - { - "name" : "31600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31600" - }, - { - "name" : "32018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32018" - }, - { - "name" : "32180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32180" - }, - { - "name" : "32179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32179" - }, - { - "name" : "32436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32436" - }, - { - "name" : "33237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33237" - }, - { - "name" : "33238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33238" - }, - { - "name" : "sun-jre-xml-unauth-access(43658)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2008:1044", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" + }, + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=122331139823057&w=2" + }, + { + "name": "oval:org.mitre.oval:def:10866", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10866" + }, + { + "name": "32436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32436" + }, + { + "name": "1020457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020457" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" + }, + { + "name": "31600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31600" + }, + { + "name": "SUSE-SA:2008:042", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" + }, + { + "name": "32018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32018" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "32179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32179" + }, + { + "name": "ADV-2008-2740", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2740" + }, + { + "name": "31320", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/31320" + }, + { + "name": "SUSE-SA:2008:043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" + }, + { + "name": "APPLE-SA-2008-09-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=756717", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=756717" + }, + { + "name": "33237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33237" + }, + { + "name": "ADV-2008-2056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2056/references" + }, + { + "name": "32180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32180" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" + }, + { + "name": "31736", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31736" + }, + { + "name": "30143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30143" + }, + { + "name": "RHSA-2008:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=751014", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=751014" + }, + { + "name": "31497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31497" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" + }, + { + "name": "238628", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1" + }, + { + "name": 
"RHSA-2008:1045", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" + }, + { + "name": "33238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33238" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm" + }, + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" + }, + { + "name": "SUSE-SA:2008:045", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" + }, + { + "name": "RHSA-2008:0790", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" + }, + { + "name": "RHSA-2008:0906", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" + }, + { + "name": "TA08-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "http://support.apple.com/kb/HT3179", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3179" + }, + { + "name": "sun-jre-xml-unauth-access(43658)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43658" + }, + { + "name": "31010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31010" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3296.json b/2008/3xxx/CVE-2008-3296.json index 3847a7d2c48..6b7cfc2bce0 100644 --- a/2008/3xxx/CVE-2008-3296.json +++ b/2008/3xxx/CVE-2008-3296.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30330" - }, - { - "name" : "xoops-admin-file-include(43966)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xoops-admin-file-include(43966)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43966" + }, + { + "name": "30330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30330" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3607.json b/2008/3xxx/CVE-2008-3607.json index 6427c0dbc0a..6d7613acca4 100644 --- a/2008/3xxx/CVE-2008-3607.json +++ b/2008/3xxx/CVE-2008-3607.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080808 [AJECT] NoticeWare IMAP Email Server 4.6.2 DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495259/100/0/threaded" - }, - { - "name" : "30605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30605" - }, - { - "name" : "4147", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4147" - }, - { - "name" : "noticeware-emailserverng-imap-dos(44378)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IMAP server in NoticeWare Email Server NG 
4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "noticeware-emailserverng-imap-dos(44378)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44378" + }, + { + "name": "20080808 [AJECT] NoticeWare IMAP Email Server 4.6.2 DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495259/100/0/threaded" + }, + { + "name": "30605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30605" + }, + { + "name": "4147", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4147" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3904.json b/2008/3xxx/CVE-2008-3904.json index f363b2366d1..324a3e223c2 100644 --- a/2008/3xxx/CVE-2008-3904.json +++ b/2008/3xxx/CVE-2008-3904.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080831 Re: CVE Request (gpicview)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/30/1" - }, - { - "name" : "[oss-security] 20080903 Re: CVE Request (gpicview)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/03/1" - }, - { - "name" : "http://lxde.svn.sourceforge.net/viewvc/lxde?view=rev&sortby=date&revision=845", - "refsource" : "CONFIRM", - "url" : "http://lxde.svn.sourceforge.net/viewvc/lxde?view=rev&sortby=date&revision=845" - }, - { - "name" : "gpicview-mainwin-command-execution(45137)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45137" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gpicview-mainwin-command-execution(45137)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45137" + }, + { + "name": "[oss-security] 20080903 Re: CVE Request (gpicview)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/03/1" + }, + { + "name": "[oss-security] 20080831 Re: CVE Request (gpicview)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/30/1" + }, + { + "name": "http://lxde.svn.sourceforge.net/viewvc/lxde?view=rev&sortby=date&revision=845", + "refsource": "CONFIRM", + "url": "http://lxde.svn.sourceforge.net/viewvc/lxde?view=rev&sortby=date&revision=845" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4131.json b/2008/4xxx/CVE-2008-4131.json index c90e8bf8c44..4e4b085ef3d 100644 --- a/2008/4xxx/CVE-2008-4131.json +++ b/2008/4xxx/CVE-2008-4131.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-387.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-387.htm" - }, - { - "name" : "237987", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237987-1" - }, - { - "name" : "31229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31229" - }, - { - "name" : "oval:org.mitre.oval:def:5884", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5884" - }, - { - "name" : "ADV-2008-2614", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/2614" - }, - { - "name" : "1020898", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020898" - }, - { - "name" : "31895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31895" - }, - { - "name" : "31907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31907" - }, - { - "name" : "solaris-tagfiles-code-execution(45218)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31895" + }, + { + "name": "1020898", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020898" + }, + { + "name": "solaris-tagfiles-code-execution(45218)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45218" + }, + { + "name": "31229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31229" + }, + { + "name": "ADV-2008-2614", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2614" + }, + { + "name": "237987", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237987-1" + }, + { + "name": "oval:org.mitre.oval:def:5884", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5884" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-387.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-387.htm" + }, + { + "name": "31907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31907" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4517.json b/2008/4xxx/CVE-2008-4517.json index f3d00fda77f..2c31da071b7 100644 --- a/2008/4xxx/CVE-2008-4517.json +++ b/2008/4xxx/CVE-2008-4517.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6677", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6677" - }, - { - "name" : "31585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31585" - }, - { - "name" : "4382", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4382" - }, - { - "name" : "geccbblite-leggi-sql-injection(45682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "geccbblite-leggi-sql-injection(45682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45682" + }, + { + "name": "4382", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4382" + }, + { + "name": "31585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31585" + }, + { + "name": "6677", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6677" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4527.json b/2008/4xxx/CVE-2008-4527.json index 59ca45b8030..c6cb4c35350 100644 --- a/2008/4xxx/CVE-2008-4527.json +++ b/2008/4xxx/CVE-2008-4527.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6683", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6683" - }, - { - "name" : "31578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31578" - }, - { - "name" : "32004", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32004" - }, - { - "name" : "4385", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4385" - }, - { - "name" : "recept-recept-sql-injection(45674)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "recept-recept-sql-injection(45674)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45674" + }, + { + "name": "31578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31578" + }, + { + "name": "4385", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4385" + }, + { + "name": "32004", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32004" + }, + { + "name": "6683", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6683" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6204.json b/2008/6xxx/CVE-2008-6204.json index db21b92d50f..a8f710118da 100644 --- a/2008/6xxx/CVE-2008-6204.json +++ b/2008/6xxx/CVE-2008-6204.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5409", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5409" - }, - { - "name" : "28709", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28709" - }, - { - "name" : "ADV-2008-1161", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1161/references" - }, - { - "name" : "supernetshop-guncelle-giris-sql-injection(41727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1161", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1161/references" + }, + { + "name": "5409", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5409" + }, + { + "name": "supernetshop-guncelle-giris-sql-injection(41727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41727" + }, + { + "name": "28709", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28709" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6387.json b/2008/6xxx/CVE-2008-6387.json index 37d8d41aee8..77de037d814 100644 --- a/2008/6xxx/CVE-2008-6387.json +++ b/2008/6xxx/CVE-2008-6387.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7303", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7303" - }, - { - "name" : "ADV-2008-3293", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3293" - }, - { - "name" : "quicktreeview-qtv-info-disclosure(46956)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct 
request to qtv.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quicktreeview-qtv-info-disclosure(46956)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46956" + }, + { + "name": "7303", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7303" + }, + { + "name": "ADV-2008-3293", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3293" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6628.json b/2008/6xxx/CVE-2008-6628.json index 03f108409ff..9af5765979e 100644 --- a/2008/6xxx/CVE-2008-6628.json +++ b/2008/6xxx/CVE-2008-6628.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6628", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-6268. Reason: This candidate is a duplicate of CVE-2008-6268. Notes: All CVE users should reference CVE-2008-6268 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-6628", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-6268. Reason: This candidate is a duplicate of CVE-2008-6268. Notes: All CVE users should reference CVE-2008-6268 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6819.json b/2008/6xxx/CVE-2008-6819.json index 9cdcf3a72c5..48773b3dfec 100644 --- a/2008/6xxx/CVE-2008-6819.json +++ b/2008/6xxx/CVE-2008-6819.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=2&m=152274", - "refsource" : "MISC", - "url" : "http://bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=2&m=152274" - }, - { - "name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/35121.c", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/35121.c" - }, - { - "name" : "35121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35121" + }, + { + "name": "http://bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=2&m=152274", + "refsource": "MISC", + "url": "http://bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=2&m=152274" + }, + { + "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/35121.c", + "refsource": "MISC", + "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/35121.c" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2090.json b/2013/2xxx/CVE-2013-2090.json index 2b92bf9d3de..7256d3c828a 100644 --- a/2013/2xxx/CVE-2013-2090.json +++ b/2013/2xxx/CVE-2013-2090.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/121635/Ruby-Gem-Creme-Fraiche-0.6-Command-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121635/Ruby-Gem-Creme-Fraiche-0.6-Command-Injection.html" - }, - { - "name" : "http://www.vapid.dhs.org/advisories/cremefraiche-cmd-inj.html", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/cremefraiche-cmd-inj.html" - }, - { - "name" : "93395", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/93395" - }, - { - "name" : "53391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53391" - }, - { - "name" : 
"cremefraiche-ruby-cve20132090-command-exec(84271)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cremefraiche-ruby-cve20132090-command-exec(84271)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84271" + }, + { + "name": "http://www.vapid.dhs.org/advisories/cremefraiche-cmd-inj.html", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/cremefraiche-cmd-inj.html" + }, + { + "name": "53391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53391" + }, + { + "name": "http://packetstormsecurity.com/files/121635/Ruby-Gem-Creme-Fraiche-0.6-Command-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121635/Ruby-Gem-Creme-Fraiche-0.6-Command-Injection.html" + }, + { + "name": "93395", + "refsource": "OSVDB", + "url": "http://osvdb.org/93395" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2220.json b/2013/2xxx/CVE-2013-2220.json index a5b9dd09fee..b3a3833004a 100644 --- a/2013/2xxx/CVE-2013-2220.json +++ b/2013/2xxx/CVE-2013-2220.json 
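Review bot: The `"ASSIGNER"` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other changed line only alters spacing, indentation or the order of `reference_data` entries, so the reattribution is easy to miss among the formatting noise. The same pattern appears in the CVE-2013-2220 hunk (also to `secalert@redhat.com`) and the CVE-2013-2978 hunk (to `psirt@us.ibm.com`). Anything downstream that keys trust, routing or deduplication on the assigner will see these records change owner, so the reassignment is better carried in its own commit, or at least named in the commit message, separate from the whitespace normalisation. Whether the new assigner values are the intended ones cannot be confirmed from the diff alone.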
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714362", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714362" - }, - { - "name" : "http://pecl.php.net/package/radius/1.2.7", - "refsource" : "CONFIRM", - "url" : "http://pecl.php.net/package/radius/1.2.7" - }, - { - "name" : "https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234", - "refsource" : "CONFIRM", - "url" : "https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234" - }, - { - "name" : "DSA-2726", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2726" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714362", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714362" + }, + { + "name": "https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234", + "refsource": "CONFIRM", + "url": "https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234" + }, + { + "name": "DSA-2726", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2726" + }, + { + "name": "http://pecl.php.net/package/radius/1.2.7", + "refsource": "CONFIRM", + "url": "http://pecl.php.net/package/radius/1.2.7" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2612.json b/2013/2xxx/CVE-2013-2612.json index f14d6d66841..71c17348a76 100644 --- a/2013/2xxx/CVE-2013-2612.json +++ b/2013/2xxx/CVE-2013-2612.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2612", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2612", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2748.json b/2013/2xxx/CVE-2013-2748.json index b2acec272b1..3a099aa21a3 100644 --- a/2013/2xxx/CVE-2013-2748.json +++ b/2013/2xxx/CVE-2013-2748.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2748", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2748", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2776.json b/2013/2xxx/CVE-2013-2776.json index 81cb27f1298..db1012d9237 100644 --- a/2013/2xxx/CVE-2013-2776.json +++ b/2013/2xxx/CVE-2013-2776.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/27/31" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=916365", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=916365" - }, - { - "name" : "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14", - "refsource" : "CONFIRM", - "url" : "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14" - }, - { - "name" : "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa", - "refsource" : "CONFIRM", - "url" : "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa" - }, - { - "name" : "http://www.sudo.ws/sudo/alerts/tty_tickets.html", - "refsource" : "CONFIRM", - "url" : "http://www.sudo.ws/sudo/alerts/tty_tickets.html" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "DSA-2642", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2642" - }, - { - "name" : "RHSA-2013:1353", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1353.html" - }, - { - "name" : "RHSA-2013:1701", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1701.html" - }, - { - "name" : "SSA:2013-065-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440" - }, - { - "name" : "58207", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58207" - }, - { - "name" : "62741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62741" - }, - { - "name" : "sudo-ttytickets-sec-bypass(82453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14", + "refsource": "CONFIRM", + "url": "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14" + }, + { + "name": "58207", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58207" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839" + }, + { + "name": "RHSA-2013:1701", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html" + }, + { + "name": "DSA-2642", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2642" + }, + { + "name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31" + }, + { + "name": "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa", + "refsource": "CONFIRM", + "url": "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa" + }, + { + "name": "http://www.sudo.ws/sudo/alerts/tty_tickets.html", + "refsource": "CONFIRM", + "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "SSA:2013-065-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023", + "refsource": "MISC", + 
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023" + }, + { + "name": "62741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62741" + }, + { + "name": "RHSA-2013:1353", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=916365", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365" + }, + { + "name": "sudo-ttytickets-sec-bypass(82453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2978.json b/2013/2xxx/CVE-2013-2978.json index 7552b809bbd..58ec9332660 100644 --- a/2013/2xxx/CVE-2013-2978.json +++ b/2013/2xxx/CVE-2013-2978.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2988." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-2978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645566", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645566" - }, - { - "name" : "cognosbi-cve20132978-reportauthor-bypass(83971)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated 
users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2988." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21645566", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645566" + }, + { + "name": "cognosbi-cve20132978-reportauthor-bypass(83971)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83971" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11118.json b/2017/11xxx/CVE-2017-11118.json index fc82fe38b2e..33578963cf7 100644 --- a/2017/11xxx/CVE-2017-11118.json +++ b/2017/11xxx/CVE-2017-11118.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/77", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/77" - }, - { - "name" : "https://sourceforge.net/p/openexif/bugs/18/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/openexif/bugs/18/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/openexif/bugs/18/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/openexif/bugs/18/" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/77", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/77" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11217.json b/2017/11xxx/CVE-2017-11217.json index a328c316404..3a96691c95f 100644 --- a/2017/11xxx/CVE-2017-11217.json +++ b/2017/11xxx/CVE-2017-11217.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100184" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100184" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11382.json b/2017/11xxx/CVE-2017-11382.json index ff21a6f01b6..07a4d824f73 100644 --- a/2017/11xxx/CVE-2017-11382.json +++ b/2017/11xxx/CVE-2017-11382.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "DATE_PUBLIC" : "2017-07-20T00:00:00", - "ID" : "CVE-2017-11382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Deep Discovery Email Inspector", - "version" : { - "version_data" : [ - { - "version_value" : "2.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "DATE_PUBLIC": "2017-07-20T00:00:00", + "ID": "CVE-2017-11382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Deep Discovery Email Inspector", + "version": { + "version_data": [ + { + "version_value": "2.5.1" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-503", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-503" - }, - { - "name" : "https://success.trendmicro.com/solution/1116750", - "refsource" : "MISC", - "url" : "https://success.trendmicro.com/solution/1116750" - }, - { - "name" : "100076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-503", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-503" + }, + { + "name": "100076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100076" + }, + { + "name": "https://success.trendmicro.com/solution/1116750", + "refsource": "MISC", + "url": "https://success.trendmicro.com/solution/1116750" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11521.json b/2017/11xxx/CVE-2017-11521.json index 0863f3636ed..e27378844bf 100644 --- a/2017/11xxx/CVE-2017-11521.json +++ b/2017/11xxx/CVE-2017-11521.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security] 20170806 SDP Parser: out-of-memory condition (CVE-2017-11521)", - "refsource" : "MLIST", - "url" : "https://list.resiprocate.org/archive/resiprocate-users/msg02701.html" - }, - { - "name" : "[debian-lts-announce] 20180724 [SECURITY] [DLA 1439-1] resiprocate security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00031.html" - }, - { - "name" : "https://github.com/resiprocate/resiprocate/pull/88", - "refsource" : "CONFIRM", - "url" : "https://github.com/resiprocate/resiprocate/pull/88" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[security] 20170806 SDP Parser: out-of-memory condition (CVE-2017-11521)", + "refsource": "MLIST", + "url": "https://list.resiprocate.org/archive/resiprocate-users/msg02701.html" + }, + { + "name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1439-1] resiprocate security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00031.html" + }, + { + "name": "https://github.com/resiprocate/resiprocate/pull/88", + "refsource": "CONFIRM", + "url": "https://github.com/resiprocate/resiprocate/pull/88" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11594.json b/2017/11xxx/CVE-2017-11594.json index 5a9be15daf6..7feb6b81c0b 100644 --- a/2017/11xxx/CVE-2017-11594.json +++ b/2017/11xxx/CVE-2017-11594.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/loomio/loomio/commit/63973f71e337ead8ca7b7ae2a043b837032dc3fe", - "refsource" : "CONFIRM", - "url" : "https://github.com/loomio/loomio/commit/63973f71e337ead8ca7b7ae2a043b837032dc3fe" - }, - { - "name" : "https://github.com/loomio/loomio/issues/4220", - "refsource" : "CONFIRM", - "url" : "https://github.com/loomio/loomio/issues/4220" - }, - { - "name" : "https://github.com/loomio/loomio/releases/tag/1.8.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/loomio/loomio/releases/tag/1.8.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/loomio/loomio/issues/4220", + "refsource": "CONFIRM", + "url": "https://github.com/loomio/loomio/issues/4220" + }, + { + "name": "https://github.com/loomio/loomio/releases/tag/1.8.0", + "refsource": "CONFIRM", + "url": "https://github.com/loomio/loomio/releases/tag/1.8.0" + }, + { + "name": "https://github.com/loomio/loomio/commit/63973f71e337ead8ca7b7ae2a043b837032dc3fe", + "refsource": "CONFIRM", + "url": "https://github.com/loomio/loomio/commit/63973f71e337ead8ca7b7ae2a043b837032dc3fe" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14165.json b/2017/14xxx/CVE-2017-14165.json index d63560e6f83..6eb640613d8 100644 --- a/2017/14xxx/CVE-2017-14165.json +++ b/2017/14xxx/CVE-2017-14165.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa", - "refsource" : "MISC", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/09/06/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c-2/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/09/06/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c-2/" - }, - { - "name" : "100678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/09/06/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c-2/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/09/06/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c-2/" + }, + { + "name": "100678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100678" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa", + "refsource": "MISC", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14359.json b/2017/14xxx/CVE-2017-14359.json index 279891c1ac4..ac8fe09e986 100644 --- a/2017/14xxx/CVE-2017-14359.json +++ b/2017/14xxx/CVE-2017-14359.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2017-14359", - "STATE" : "PUBLIC", - "TITLE" : "MFSBGN03788 rev.1 - HPE Performance Center, Remote Cross-Site Scripting (XSS)" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE Performance Center", - "version" : { - "version_data" : [ - { - "version_value" : "12.20" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "credit" : [ - "Micro Focus would like to thank Pawel Bartunek for reporting this issue to security-alert@hpe.com" - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2017-14359", + "STATE": "PUBLIC", + "TITLE": "MFSBGN03788 rev.1 - HPE Performance Center, Remote Cross-Site Scripting (XSS)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE Performance Center", + "version": { + "version_data": [ + { + "version_value": "12.20" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02996754", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02996754" - }, - { - "name" : "101659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101659" - } - ] - } -} + } + }, + "credit": [ + "Micro Focus 
would like to thank Pawel Bartunek for reporting this issue to security-alert@hpe.com" + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02996754", + "refsource": "CONFIRM", + "url": "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02996754" + }, + { + "name": "101659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101659" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14371.json b/2017/14xxx/CVE-2017-14371.json index 873c77293b5..20abc759fa6 100644 --- a/2017/14xxx/CVE-2017-14371.json +++ b/2017/14xxx/CVE-2017-14371.json 
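Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `security@microfocus.com` to `security@suse.com` in this hunk, while `vendor_name`, `TITLE` and `credit` still name Micro Focus and HPE. The other hunks visible here only change the spacing around colons, the order of `reference_data` entries and the final newline. If the reassignment is not intended, the new line should stay `"ASSIGNER": "security@microfocus.com",`. If it is intended, it would be easier to audit as its own commit, since the assigner is provenance data that consumers may rely on to tell which CNA stands behind the record, and here it sits inside a whole-file rewrite.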
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-14371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA Archer GRC Platform prior to 6.2.0.5", - "version" : { - "version_data" : [ - { - "version_value" : "RSA Archer GRC Platform prior to 6.2.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected Cross Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-14371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA Archer GRC Platform prior to 6.2.0.5", + "version": { + "version_data": [ + { + "version_value": "RSA Archer GRC Platform prior to 6.2.0.5" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Oct/12", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Oct/12" - }, - { - "name" : "101195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101195" - }, - { - "name" : "1039518", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101195" + }, + { + "name": "1039518", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039518" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Oct/12", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Oct/12" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14694.json b/2017/14xxx/CVE-2017-14694.json index dbdbe70cd89..c3f4d2530aa 100644 --- a/2017/14xxx/CVE-2017-14694.json +++ b/2017/14xxx/CVE-2017-14694.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14694", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14694" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - }, - { - "name" : "101009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101009" - }, - { - "name" : "1040038", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1040038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040038", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040038" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "101009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101009" + }, + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14694", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14694" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14771.json b/2017/14xxx/CVE-2017-14771.json index 6875387b797..f882c429f61 100644 --- a/2017/14xxx/CVE-2017-14771.json +++ b/2017/14xxx/CVE-2017-14771.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf", - "refsource" : "CONFIRM", - "url" : "https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf" - }, - { - "name" : "101069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Skybox Manager Client Application 
prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf", + "refsource": "CONFIRM", + "url": "https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf" + }, + { + "name": "101069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101069" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14806.json b/2017/14xxx/CVE-2017-14806.json index cc042e6b3cd..fa1c3900fd6 100644 --- a/2017/14xxx/CVE-2017-14806.json +++ b/2017/14xxx/CVE-2017-14806.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14806", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14806", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15351.json b/2017/15xxx/CVE-2017-15351.json index 438e77331e8..aadcbe7b5d6 100644 --- a/2017/15xxx/CVE-2017-15351.json +++ b/2017/15xxx/CVE-2017-15351.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-15351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Honor V9 play", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier than Jimmy-AL00AC00B135" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-15351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Honor V9 play", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than Jimmy-AL00AC00B135" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15365.json b/2017/15xxx/CVE-2017-15365.json index 8795028b635..78274a60bca 100644 --- a/2017/15xxx/CVE-2017-15365.json +++ b/2017/15xxx/CVE-2017-15365.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1524234", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1524234" - }, - { - "name" : "https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e", - "refsource" : "CONFIRM", - "url" : "https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e" - }, - { - "name" : "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/", - "refsource" : "CONFIRM", - "url" : 
"https://mariadb.com/kb/en/library/mariadb-10130-release-notes/" - }, - { - "name" : "https://mariadb.com/kb/en/library/mariadb-10210-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/library/mariadb-10210-release-notes/" - }, - { - "name" : "https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/", - "refsource" : "CONFIRM", - "url" : "https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/" - }, - { - "name" : "https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html", - "refsource" : "CONFIRM", - "url" : "https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html" - }, - { - "name" : "DSA-4341", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4341" - }, - { - "name" : "FEDORA-2018-0d6a80f496", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e", + "refsource": "CONFIRM", + "url": "https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e" + }, + { + "name": "DSA-4341", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4341" + }, + { + "name": "https://mariadb.com/kb/en/library/mariadb-10210-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/library/mariadb-10210-release-notes/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1524234", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524234" + }, + { + "name": "https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html", + "refsource": "CONFIRM", + "url": "https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html" + }, + { + "name": "FEDORA-2018-0d6a80f496", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/" + }, + { + "name": "https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/", + "refsource": "CONFIRM", + "url": "https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/" + }, + { + "name": "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15474.json b/2017/15xxx/CVE-2017-15474.json index 2e27a79931e..8e159d6ff75 100644 --- a/2017/15xxx/CVE-2017-15474.json 
+++ b/2017/15xxx/CVE-2017-15474.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15474", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15474", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15809.json b/2017/15xxx/CVE-2017-15809.json index 741d57402c6..ee491ae4393 100644 --- a/2017/15xxx/CVE-2017-15809.json +++ b/2017/15xxx/CVE-2017-15809.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9", - "refsource" : "CONFIRM", - "url" : "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9", + "refsource": "CONFIRM", + "url": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15860.json b/2017/15xxx/CVE-2017-15860.json index eebe3492aea..d9292dd7058 100644 --- a/2017/15xxx/CVE-2017-15860.json +++ b/2017/15xxx/CVE-2017-15860.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-02-05T00:00:00", - "ID" : "CVE-2017-15860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack-based Buffer Overflow in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-02-05T00:00:00", + "ID": "CVE-2017-15860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-02-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-02-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15919.json b/2017/15xxx/CVE-2017-15919.json index 967001c36e4..87ed110c56a 100644 --- a/2017/15xxx/CVE-2017-15919.json +++ b/2017/15xxx/CVE-2017-15919.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/ultimate-form-builder-lite/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/ultimate-form-builder-lite/#developers" - }, - { - "name" : "https://www.wordfence.com/blog/2017/10/zero-day-vulnerability-ultimate-form-builder-lite/", - "refsource" : "MISC", - "url" : "https://www.wordfence.com/blog/2017/10/zero-day-vulnerability-ultimate-form-builder-lite/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8935", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8935" - }, - { - "name" : "101604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wordfence.com/blog/2017/10/zero-day-vulnerability-ultimate-form-builder-lite/", + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2017/10/zero-day-vulnerability-ultimate-form-builder-lite/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8935", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8935" + }, + { + "name": "101604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101604" + }, + { + "name": "https://wordpress.org/plugins/ultimate-form-builder-lite/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/ultimate-form-builder-lite/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9180.json b/2017/9xxx/CVE-2017-9180.json index dd35a07c305..270a9653b53 100644 --- a/2017/9xxx/CVE-2017-9180.json +++ b/2017/9xxx/CVE-2017-9180.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" - }, - { - "name" : "98679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98679" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9935.json b/2017/9xxx/CVE-2017-9935.json index dc30986be6a..6c5e7151fad 100644 --- a/2017/9xxx/CVE-2017-9935.json +++ b/2017/9xxx/CVE-2017-9935.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171213 [SECURITY] [DLA 1206-1] tiff security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00008.html" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2704", - "refsource" : "MISC", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2704" - }, - { - "name" : "DSA-4100", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4100" - }, - { - "name" : 
"USN-3606-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3606-1/" - }, - { - "name" : "99296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3606-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3606-1/" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2704", + "refsource": "MISC", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2704" + }, + { + "name": "[debian-lts-announce] 20171213 [SECURITY] [DLA 1206-1] tiff security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00008.html" + }, + { + "name": "99296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99296" + }, + { + "name": "DSA-4100", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4100" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0412.json b/2018/0xxx/CVE-2018-0412.json index 1f88570e4df..98ea52934de 100644 --- a/2018/0xxx/CVE-2018-0412.json +++ b/2018/0xxx/CVE-2018-0412.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-08-15T00:00:00", - "ID" : "CVE-2018-0412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Small Business 100 Series Wireless Access Points", - "version" : { - "version_data" : [ - { - "version_value" : "unspecified" - } - ] - } - }, - { - "product_name" : "Small Business 300 Series Wireless Access Points", - "version" : { - "version_data" : [ - { - "version_value" : "unspecified" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-310" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-08-15T00:00:00", + "ID": "CVE-2018-0412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Small Business 100 Series Wireless Access Points", + "version": { + "version_data": [ + { + "version_value": "unspecified" + } + ] + } + }, + { + "product_name": "Small Business 300 Series Wireless Access Points", + "version": { + "version_data": [ + { + "version_value": "unspecified" + } + ] + } + } + ] + }, + "vendor_name": "Cisco Systems, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180815 Cisco Small Business 100 Series and 300 Series Wireless Access Points Encryption Algorithm Downgrade Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. 
An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180815 Cisco Small Business 100 Series and 300 Series Wireless Access Points Encryption Algorithm Downgrade Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0649.json b/2018/0xxx/CVE-2018-0649.json index ea6e121ddbd..f01493ca7fb 100644 --- a/2018/0xxx/CVE-2018-0649.json +++ b/2018/0xxx/CVE-2018-0649.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The installers of multiple Canon IT Solutions Inc. software programs", - "version" : { - "version_data" : [ - { - "version_value" : "(ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))" - } - ] - } - } - ] - }, - "vendor_name" : "Canon IT Solutions Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installers of multiple Canon IT Solutions Inc. software programs", + "version": { + "version_data": [ + { + "version_value": "(ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))" + } + ] + } + } + ] + }, + "vendor_name": "Canon IT Solutions Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default", - "refsource" : "CONFIRM", - "url" : "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default" - }, - { - "name" : "JVN#41452671", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN41452671/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#41452671", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN41452671/index.html" + }, + { + "name": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default", + "refsource": "CONFIRM", + "url": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0897.json b/2018/0xxx/CVE-2018-0897.json index 1465748042d..e055c442000 100644 --- a/2018/0xxx/CVE-2018-0897.json +++ b/2018/0xxx/CVE-2018-0897.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows kernel", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44310", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44310/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0897", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0897" - }, - { - "name" : "103241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103241" - }, - { - "name" : "1040517", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\". 
This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0897", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0897" + }, + { + "name": "1040517", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040517" + }, + { + "name": "103241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103241" + }, + { + "name": "44310", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44310/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000014.json b/2018/1000xxx/CVE-2018-1000014.json index ff6a76372a0..d580d769c04 100644 --- a/2018/1000xxx/CVE-2018-1000014.json +++ b/2018/1000xxx/CVE-2018-1000014.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-01-22", - "ID" : "CVE-2018-1000014", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Translation Assistance Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.15 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Translation Assistance Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-01-22", + "ID": "CVE-2018-1000014", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-01-22/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-01-22/" - }, - { - "name" : "102809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-01-22/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-01-22/" + }, + { + "name": "102809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102809" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000102.json b/2018/1000xxx/CVE-2018-1000102.json index 8d125171846..012f4cb09a0 100644 --- a/2018/1000xxx/CVE-2018-1000102.json 
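Review bot: In CVE-2018-1000014.json the new side replaces the structured `affects` and `problemtype` values with `"n/a"`, although the unchanged description still names Jenkins Translation Assistance Plugin 1.15 and earlier and a CSRF issue, so tooling that matches on these fields rather than on free text no longer finds the record. I would keep `"product_name": "Jenkins Translation Assistance Plugin"`, `"version_value": "1.15 and earlier"` and `"value": "Cross-Site Request Forgery"`, along with the matching `vendor_name`. The same reset appears in the hunks for CVE-2018-1000535.json (`lms`, `<= LMS_011123`, `Local File Disclosure`) and CVE-2018-1000663.json (`jsish`, `2.4.70 2.047`, `Buffer Overflow`). All three also change `ASSIGNER` to `cve@mitre.org`; this looks like an automated normalisation of the records rather than a deliberate edit, which is worth confirming before the data is dropped.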
+++ b/2018/1000xxx/CVE-2018-1000102.json @@ -1,20 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2018-02-09", - "ID" : "CVE-2018-1000102", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000067. Reason: This candidate is a reservation duplicate of CVE-2018-1000067. Notes: All CVE users should reference CVE-2018-1000067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1000102", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000067. Reason: This candidate is a reservation duplicate of CVE-2018-1000067. Notes: All CVE users should reference CVE-2018-1000067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000535.json b/2018/1000xxx/CVE-2018-1000535.json index 5cfbcf1e7c1..fc0cec3c978 100644 --- a/2018/1000xxx/CVE-2018-1000535.json +++ b/2018/1000xxx/CVE-2018-1000535.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:32.997049", - "DATE_REQUESTED" : "2018-06-01T15:44:46", - "ID" : "CVE-2018-1000535", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "lms", - "version" : { - "version_data" : [ - { - "version_value" : "<= LMS_011123" - } - ] - } - } - ] - }, - "vendor_name" : "lms" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Local File Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:32.997049", + "DATE_REQUESTED": "2018-06-01T15:44:46", + "ID": "CVE-2018-1000535", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/06/01/LMS-Local-File-Disclosure/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/06/01/LMS-Local-File-Disclosure/" - }, - { - "name" : "https://github.com/lmsgit/lms/issues/1271", - "refsource" : "MISC", - "url" : "https://github.com/lmsgit/lms/issues/1271" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lmsgit/lms/issues/1271", + "refsource": "MISC", + "url": "https://github.com/lmsgit/lms/issues/1271" + }, + { + "name": "https://0dd.zone/2018/06/01/LMS-Local-File-Disclosure/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/06/01/LMS-Local-File-Disclosure/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000663.json b/2018/1000xxx/CVE-2018-1000663.json index 6320e0c28a0..b0be6de5f9e 100644 --- a/2018/1000xxx/CVE-2018-1000663.json +++ b/2018/1000xxx/CVE-2018-1000663.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-09-03T16:07:16.972937", - "DATE_REQUESTED" : "2018-08-21T09:40:58", - "ID" : "CVE-2018-1000663", - "REQUESTER" : "m.dominiak@samsung.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jsish", - "version" : { - "version_data" : [ - { - "version_value" : "2.4.70 2.047" - } - ] - } - } - ] - }, - "vendor_name" : "jsish" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-09-03T16:07:16.972937", + "DATE_REQUESTED": "2018-08-21T09:40:58", + "ID": "CVE-2018-1000663", + "REQUESTER": "m.dominiak@samsung.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jsish.org/fossil/jsi/tktview/c253f6d80c9018d841e857b69e7ad6436ed95cb9", - "refsource" : "CONFIRM", - "url" : "https://jsish.org/fossil/jsi/tktview/c253f6d80c9018d841e857b69e7ad6436ed95cb9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jsish.org/fossil/jsi/tktview/c253f6d80c9018d841e857b69e7ad6436ed95cb9", + "refsource": "CONFIRM", + "url": "https://jsish.org/fossil/jsi/tktview/c253f6d80c9018d841e857b69e7ad6436ed95cb9" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12095.json b/2018/12xxx/CVE-2018-12095.json index 540ccf8e37c..ef35a7bab58 100644 --- a/2018/12xxx/CVE-2018-12095.json +++ b/2018/12xxx/CVE-2018-12095.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44895", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44895/" - }, - { - "name" : "https://cxsecurity.com/issue/WLB-2018060092", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2018060092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cxsecurity.com/issue/WLB-2018060092", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2018060092" + }, + { + "name": "44895", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44895/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12208.json b/2018/12xxx/CVE-2018-12208.json index 087239ee6c7..c2488ec1760 100644 --- a/2018/12xxx/CVE-2018-12208.json +++ b/2018/12xxx/CVE-2018-12208.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-03-12T00:00:00", - "ID" : "CVE-2018-12208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology", - "version" : { - "version_data" : [ - { - "version_value" : "Multiple versions." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-03-12T00:00:00", + "ID": "CVE-2018-12208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology", + "version": { + "version_data": [ + { + "version_value": "Multiple versions." 
+ } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12561.json b/2018/12xxx/CVE-2018-12561.json index 6e68282bdb2..c7cdff53bb8 100644 --- a/2018/12xxx/CVE-2018-12561.json +++ b/2018/12xxx/CVE-2018-12561.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2018/06/18/1", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2018/06/18/1" - }, - { - "name" : "https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3", - "refsource" : "MISC", - "url" : "https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. 
A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3", + "refsource": "MISC", + "url": "https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2018/06/18/1", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2018/06/18/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13395.json b/2018/13xxx/CVE-2018-13395.json index 13a91620026..f1aee74f3e9 100644 --- a/2018/13xxx/CVE-2018-13395.json +++ b/2018/13xxx/CVE-2018-13395.json 
@@ -1,104 +1,104 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-08-27T00:00:00", - "ID" : "CVE-2018-13395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jira", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "7.6.8" - }, - { - "version_affected" : ">=", - "version_value" : "7.7.0" - }, - { - "version_affected" : "<", - "version_value" : "7.7.5" - }, - { - "version_affected" : ">=", - "version_value" : "7.8.0" - }, - { - "version_affected" : "<", - "version_value" : "7.8.5" - }, - { - "version_affected" : ">=", - "version_value" : "7.9.0" - }, - { - "version_affected" : "<", - "version_value" : "7.9.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.10.0" - }, - { - "version_affected" : "<", - "version_value" : "7.10.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.11.0" - }, - { - "version_affected" : "<", - "version_value" : "7.11.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-08-27T00:00:00", + "ID": "CVE-2018-13395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.6.8" + }, + { + "version_affected": ">=", + "version_value": "7.7.0" + }, + { + "version_affected": "<", + "version_value": "7.7.5" + }, + { + "version_affected": ">=", + "version_value": "7.8.0" + }, + { + "version_affected": "<", + "version_value": "7.8.5" + }, + { + "version_affected": ">=", + "version_value": "7.9.0" + }, + { + "version_affected": "<", + "version_value": "7.9.3" + }, + { + "version_affected": ">=", + "version_value": "7.10.0" + }, + { + "version_affected": "<", + "version_value": "7.10.3" + }, + { + "version_affected": ">=", + "version_value": "7.11.0" + }, + { + "version_affected": "<", + "version_value": "7.11.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-67848", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-67848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an 
issue is being moved." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/JRASERVER-67848", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-67848" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16017.json b/2018/16xxx/CVE-2018-16017.json index b86fbde3155..bb4c08d2685 100644 --- a/2018/16xxx/CVE-2018-16017.json +++ b/2018/16xxx/CVE-2018-16017.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 
2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16050.json b/2018/16xxx/CVE-2018-16050.json index 57025710452..95246901490 100644 --- a/2018/16xxx/CVE-2018-16050.json +++ b/2018/16xxx/CVE-2018-16050.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/49085", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/49085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49085", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49085" + }, + { + "name": "https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16252.json b/2018/16xxx/CVE-2018-16252.json index 68447a9c91c..a0138a3bee7 100644 --- a/2018/16xxx/CVE-2018-16252.json +++ b/2018/16xxx/CVE-2018-16252.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FsPro Labs Event Log Explorer 4.6.1.2115 has \".elx\" FileType XML External Entity Injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45319", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45319/" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/FSPRO-LABS-EVENT-LOG-EXPLORER-XML-INJECTION-INFO-DISCLOSURE.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/FSPRO-LABS-EVENT-LOG-EXPLORER-XML-INJECTION-INFO-DISCLOSURE.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/149195/FsPro-Labs-Event-Log-Explorer-4.6.1.2115-XML-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149195/FsPro-Labs-Event-Log-Explorer-4.6.1.2115-XML-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FsPro Labs Event Log 
Explorer 4.6.1.2115 has \".elx\" FileType XML External Entity Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hyp3rlinx.altervista.org/advisories/FSPRO-LABS-EVENT-LOG-EXPLORER-XML-INJECTION-INFO-DISCLOSURE.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/FSPRO-LABS-EVENT-LOG-EXPLORER-XML-INJECTION-INFO-DISCLOSURE.txt" + }, + { + "name": "45319", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45319/" + }, + { + "name": "http://packetstormsecurity.com/files/149195/FsPro-Labs-Event-Log-Explorer-4.6.1.2115-XML-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149195/FsPro-Labs-Event-Log-Explorer-4.6.1.2115-XML-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16773.json b/2018/16xxx/CVE-2018-16773.json index c7cf0c99f48..34347227336 100644 --- a/2018/16xxx/CVE-2018-16773.json +++ b/2018/16xxx/CVE-2018-16773.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16773",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16773",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/teameasy/EasyCMS/issues/6",
- "refsource" : "MISC",
- "url" : "https://github.com/teameasy/EasyCMS/issues/6"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/teameasy/EasyCMS/issues/6",
+ "refsource": "MISC",
+ "url": "https://github.com/teameasy/EasyCMS/issues/6"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4612.json b/2018/4xxx/CVE-2018-4612.json
index 72788dae8ad..274b0e720df 100644
--- a/2018/4xxx/CVE-2018-4612.json
+++ b/2018/4xxx/CVE-2018-4612.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4612",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4612",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4643.json b/2018/4xxx/CVE-2018-4643.json
index 0fd56f49d09..2f345a27b90 100644
--- a/2018/4xxx/CVE-2018-4643.json
+++ b/2018/4xxx/CVE-2018-4643.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4643",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4643",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4840.json b/2018/4xxx/CVE-2018-4840.json
index bfaebb7d2e1..c4507d4fd16 100644
--- a/2018/4xxx/CVE-2018-4840.json
+++ b/2018/4xxx/CVE-2018-4840.json
@@ -1,78 +1,78 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "productcert@siemens.com",
- "DATE_PUBLIC" : "2018-03-08T00:00:00",
- "ID" : "CVE-2018-4840",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "DIGSI 4, EN100 Ethernet module IEC 61850 variant, EN100 Ethernet module PROFINET IO variant, EN100 Ethernet module Modbus TCP variant, EN100 Ethernet module DNP3 variant, EN100 Ethernet module IEC 104 variant",
- "version" : {
- "version_data" : [
- {
- "version_value" : "DIGSI 4 : All versions < V4.92"
- },
- {
- "version_value" : "EN100 Ethernet module IEC 61850 variant : All versions < V4.30"
- },
- {
- "version_value" : "EN100 Ethernet module PROFINET IO variant : All versions"
- },
- {
- "version_value" : "EN100 Ethernet module Modbus TCP variant : All versions"
- },
- {
- "version_value" : "EN100 Ethernet module DNP3 variant : All versions"
- },
- {
- "version_value" : "EN100 Ethernet module IEC 104 variant : All versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Siemens AG"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-306: Missing Authentication for Critical Function"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "DATE_PUBLIC": "2018-03-08T00:00:00",
+ "ID": "CVE-2018-4840",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIGSI 4, EN100 Ethernet module IEC 61850 variant, EN100 Ethernet module PROFINET IO variant, EN100 Ethernet module Modbus TCP variant, EN100 Ethernet module DNP3 variant, EN100 Ethernet module IEC 104 variant",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "DIGSI 4 : All versions < V4.92"
+ },
+ {
+ "version_value": "EN100 Ethernet module IEC 61850 variant : All versions < V4.30"
+ },
+ {
+ "version_value": "EN100 Ethernet module PROFINET IO variant : All versions"
+ },
+ {
+ "version_value": "EN100 Ethernet module Modbus TCP variant : All versions"
+ },
+ {
+ "version_value": "EN100 Ethernet module DNP3 variant : All versions"
+ },
+ {
+ "version_value": "EN100 Ethernet module IEC 104 variant : All versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Siemens AG"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf",
- "refsource" : "CONFIRM",
- "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All 
versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf",
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file