diff --git a/2004/1xxx/CVE-2004-1170.json b/2004/1xxx/CVE-2004-1170.json index 46deb266df7..dc01a347213 100644 --- a/2004/1xxx/CVE-2004-1170.json +++ b/2004/1xxx/CVE-2004-1170.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040824 a2ps executing shell commands from file name", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html" - }, - { - "name" : "FLSA:152870", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/419765/100/0/threaded" - }, - { - "name" : "MDKSA-2004:140", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:140" - }, - { - "name" : "57649", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1&searchclause=" - }, - { - "name" : "SUSE-SA:2004:034", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" - }, - { - "name" : "http://bugs.debian.org/283134", - "refsource" : 
"CONFIRM", - "url" : "http://bugs.debian.org/283134" - }, - { - "name" : "OpenPKG-SA-2005.003", - "refsource" : "OPENPKG", - "url" : "http://marc.info/?l=bugtraq&m=110598355226660&w=2" - }, - { - "name" : "12375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12375" - }, - { - "name" : "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html" - }, - { - "name" : "11025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11025" - }, - { - "name" : "gnu-a2ps-gain-privileges(17127)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/283134", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/283134" + }, + { + "name": "20040824 a2ps executing shell commands from file name", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html" + }, + { + "name": "OpenPKG-SA-2005.003", + "refsource": "OPENPKG", + "url": "http://marc.info/?l=bugtraq&m=110598355226660&w=2" + }, + { + "name": "SUSE-SA:2004:034", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" + }, + { + "name": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html" + }, + { + "name": "FLSA:152870", + "refsource": "FEDORA", + "url": 
"http://www.securityfocus.com/archive/1/419765/100/0/threaded" + }, + { + "name": "57649", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1&searchclause=" + }, + { + "name": "12375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12375" + }, + { + "name": "gnu-a2ps-gain-privileges(17127)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17127" + }, + { + "name": "MDKSA-2004:140", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:140" + }, + { + "name": "11025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11025" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1194.json b/2004/1xxx/CVE-2004-1194.json index 19f9129803c..423c3eeffee 100644 --- a/2004/1xxx/CVE-2004-1194.json +++ b/2004/1xxx/CVE-2004-1194.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a long nickname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041124 Limited buffer-overflow and arbitrary memory access in Star Wars", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110132227932050&w=2" - }, - { - "name" : "11750", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11750" - }, - { - "name" : "star-wars-nickname-bo(18256)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a long nickname." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11750", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11750" + }, + { + "name": "20041124 Limited buffer-overflow and arbitrary memory access in Star Wars", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110132227932050&w=2" + }, + { + "name": "star-wars-nickname-bo(18256)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18256" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1324.json b/2004/1xxx/CVE-2004-1324.json index 3f58e38f221..266cee37766 100644 --- a/2004/1xxx/CVE-2004-1324.json +++ b/2004/1xxx/CVE-2004-1324.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041218 MS Windows Media Player 9 Vulns (2)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110352518211306&w=2" - }, - { - "name" : "12031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12031" - }, - { - "name" : "mediaplayer-mp3-code-execution(18576)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in 
the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041218 MS Windows Media Player 9 Vulns (2)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110352518211306&w=2" + }, + { + "name": "mediaplayer-mp3-code-execution(18576)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18576" + }, + { + "name": "12031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12031" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1837.json b/2004/1xxx/CVE-2004-1837.json index 1753582c396..4a740d32cca 100644 --- a/2004/1xxx/CVE-2004-1837.json +++ b/2004/1xxx/CVE-2004-1837.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040322 Mod_Survey security advisory: Script injection bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107997967421972&w=2" - }, - { - "name" : "9941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9941" - }, - { - "name" : "1009516", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009516" - }, - { - "name" : "modsurvey-xss(15582)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040322 Mod_Survey security advisory: Script injection bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107997967421972&w=2" + }, + { + "name": "9941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9941" + }, + { + "name": "modsurvey-xss(15582)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15582" + }, + { + "name": "1009516", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009516" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0021.json b/2008/0xxx/CVE-2008-0021.json index 5b957147b72..6cea810e6c8 100644 --- a/2008/0xxx/CVE-2008-0021.json +++ b/2008/0xxx/CVE-2008-0021.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0021", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0021", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0416.json b/2008/0xxx/CVE-2008-0416.json index d4ac3dcc8f4..cf964bc103e 100644 --- a/2008/0xxx/CVE-2008-0416.json +++ b/2008/0xxx/CVE-2008-0416.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) \"zero-length non-ASCII sequences\" in certain Asian character sets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252,381412,407161", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252,381412,407161" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-13.html" - }, - { - "name" : "DSA-1484", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1484" - }, - { - "name" : 
"DSA-1485", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1485" - }, - { - "name" : "DSA-1489", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1489" - }, - { - "name" : "GLSA-200805-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" - }, - { - "name" : "239546", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1" - }, - { - "name" : "238492", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" - }, - { - "name" : "TLSA-2008-9", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/2008/TLSA-2008-9.txt" - }, - { - "name" : "USN-576-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/576-1/" - }, - { - "name" : "USN-592-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-592-1" - }, - { - "name" : "TA08-087A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-087A.html" - }, - { - "name" : "JVN#21563357", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN21563357/index.html" - }, - { - "name" : "JVNDB-2008-000021", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html" - }, - { - "name" : "29303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29303" - }, - { - "name" : "ADV-2008-2091", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2091/references" - }, - { - "name" : "ADV-2008-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1793/references" - }, - { - "name" : "28839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28839" - }, - { - "name" : "28864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28864" - }, - { - "name" : "28865", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/28865" - }, - { - "name" : "28879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28879" - }, - { - "name" : "29541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29541" - }, - { - "name" : "30327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30327" - }, - { - "name" : "31043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31043" - }, - { - "name" : "30620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30620" - }, - { - "name" : "firefox-character-encoding-xss(40488)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) \"zero-length non-ASCII sequences\" in certain Asian character sets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TLSA-2008-9", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/2008/TLSA-2008-9.txt" + }, + { + "name": "29541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29541" + }, + { + "name": "firefox-character-encoding-xss(40488)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40488" + }, + { + "name": "JVNDB-2008-000021", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html" + }, + { + "name": "30620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30620" + }, + { + "name": "28865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28865" + }, + { + "name": "28879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28879" + }, + { + "name": "30327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30327" + }, + { + "name": "238492", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" + }, + { + "name": "USN-592-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-592-1" + }, + { + "name": "DSA-1489", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1489" + }, + { + "name": "239546", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1" + }, + { + "name": "28864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28864" + }, + { + "name": "DSA-1485", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1485" + }, + { + "name": "ADV-2008-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1793/references" + }, + { + "name": 
"https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252,381412,407161", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252,381412,407161" + }, + { + "name": "ADV-2008-2091", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2091/references" + }, + { + "name": "JVN#21563357", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN21563357/index.html" + }, + { + "name": "TA08-087A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-13.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-13.html" + }, + { + "name": "DSA-1484", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1484" + }, + { + "name": "29303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29303" + }, + { + "name": "GLSA-200805-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" + }, + { + "name": "31043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31043" + }, + { + "name": "28839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28839" + }, + { + "name": "USN-576-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/576-1/" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0515.json b/2008/0xxx/CVE-2008-0515.json index 52abf574857..9598fa15152 100644 --- a/2008/0xxx/CVE-2008-0515.json +++ b/2008/0xxx/CVE-2008-0515.json 
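Review bot: The `ASSIGNER` value in CVE-2008-0416.json changes from `cve@mitre.org` to `secalert@redhat.com`, a provenance change that is easy to miss because the rest of this hunk only changes separator spacing, indentation and the order of `reference_data` entries. The other records visible in this diff keep `cve@mitre.org`, so this reassignment looks deliberate, but nothing shown here explains it. It would be better stated in the commit message or split into its own commit, so that consumers who key on the assigning CNA for trust or routing decisions can audit it separately from the formatting churn. The 26 reference entries appear to be the same set on both sides, only shuffled; a stable sort order, for example by `refsource` and then `name`, would make later diffs of these records reviewable.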
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5011", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5011" - }, - { - "name" : "27507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27507" - }, - { - "name" : "ADV-2008-0358", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0358", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0358" + }, + { + "name": "5011", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5011" + }, + { + "name": "27507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27507" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3165.json b/2008/3xxx/CVE-2008-3165.json index 257de347d77..918e2f3159f 100644 --- a/2008/3xxx/CVE-2008-3165.json +++ b/2008/3xxx/CVE-2008-3165.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6009", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6009" - }, - { - "name" : "30103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30103" - }, - { - "name" : "30930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30930" - }, - { - "name" : "3995", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3995" - }, - { - "name" : "fuzzylimecms-content-command-execution(43606)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43606" - }, - { - "name" : 
"fuzzylimecms-rss-file-include(43605)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30103" + }, + { + "name": "fuzzylimecms-rss-file-include(43605)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43605" + }, + { + "name": "3995", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3995" + }, + { + "name": "6009", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6009" + }, + { + "name": "fuzzylimecms-content-command-execution(43606)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43606" + }, + { + "name": "30930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30930" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3262.json b/2008/3xxx/CVE-2008-3262.json index 1a4eb17a9fc..8f70ef7489c 100644 --- a/2008/3xxx/CVE-2008-3262.json +++ b/2008/3xxx/CVE-2008-3262.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080718 [DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494539/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=613634", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=613634" - }, - { - "name" : "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10", - "refsource" : "CONFIRM", - "url" : "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10" - }, - { - "name" : "31116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31116" - }, - { - "name" 
: "4020", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4020" - }, - { - "name" : "claroline-unknown-unspecified(43854)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43854" - }, - { - "name" : "claroline-unspecified-csrf(43974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080718 [DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494539/100/0/threaded" + }, + { + "name": "4020", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4020" + }, + { + "name": "claroline-unspecified-csrf(43974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43974" + }, + { + "name": "claroline-unknown-unspecified(43854)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43854" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=613634", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=613634" + }, + { + "name": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10", + "refsource": "CONFIRM", + "url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10" + }, + { + "name": "31116", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31116" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3682.json b/2008/3xxx/CVE-2008-3682.json index f9400e3c859..27b6cb43116 100644 --- a/2008/3xxx/CVE-2008-3682.json +++ b/2008/3xxx/CVE-2008-3682.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0808-exploits/phprealty-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0808-exploits/phprealty-sql.txt" - }, - { - "name" : "30678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30678" - }, - { - "name" : "31484", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31484" - }, - { - "name" : "phprealty-dpage-sql-injection(44431)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote 
attackers to execute arbitrary SQL commands via the docID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstorm.linuxsecurity.com/0808-exploits/phprealty-sql.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0808-exploits/phprealty-sql.txt" + }, + { + "name": "30678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30678" + }, + { + "name": "phprealty-dpage-sql-injection(44431)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44431" + }, + { + "name": "31484", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31484" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3847.json b/2008/3xxx/CVE-2008-3847.json index 6d0ba628dc3..4effb637f5d 100644 --- a/2008/3xxx/CVE-2008-3847.json +++ b/2008/3xxx/CVE-2008-3847.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (ANG) before 0.7.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=860304", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=860304" - }, - { - "name" : "30830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30830" - }, - { - "name" : "31608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31608" - }, - { - "name" : "anguestbook-unspecified-xss(44671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook 
(ANG) before 0.7.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "anguestbook-unspecified-xss(44671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44671" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=860304", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=860304" + }, + { + "name": "30830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30830" + }, + { + "name": "31608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31608" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4066.json b/2008/4xxx/CVE-2008-4066.json index 599b4bd33c9..3b79545eec2 100644 --- a/2008/4xxx/CVE-2008-4066.json +++ b/2008/4xxx/CVE-2008-4066.json 
@@ -1,277 +1,277 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a \"jav�ascript\" sequence, aka \"HTML escaped low surrogates bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-4066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx" - }, - { - "name" : "http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/", - "refsource" : "MISC", - "url" : "http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html" - }, 
- { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=448166", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=448166" - }, - { - "name" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~" - }, - { - "name" : "DSA-1669", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1669" - }, - { - "name" : "DSA-1649", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1649" - }, - { - "name" : "FEDORA-2008-8401", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html" - }, - { - "name" : "FEDORA-2008-8429", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html" - }, - { - "name" : "MDVSA-2008:205", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205" - }, - { - "name" : "MDVSA-2008:206", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206" - }, - { - "name" : "RHSA-2008:0908", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0908.html" - }, - { - "name" : "RHSA-2008:0882", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0882.html" - }, - { - "name" : "SSA:2008-269-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232" - }, - { - "name" : "SSA:2008-269-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422" - }, - { - "name" : "SSA:2008-270-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123" - }, - { - "name" : 
"256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "SUSE-SA:2008:050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html" - }, - { - "name" : "USN-647-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-647-1" - }, - { - "name" : "USN-645-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-645-1" - }, - { - "name" : "USN-645-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-645-2" - }, - { - "name" : "JVN#96950482", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN96950482/index.html" - }, - { - "name" : "JVNDB-2011-000058", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000058.html" - }, - { - "name" : "31346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31346" - }, - { - "name" : "oval:org.mitre.oval:def:8880", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8880" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "32185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32185" - }, - { - "name" : "32196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32196" - }, - { - "name" : "ADV-2008-2661", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2661" - }, - { - "name" : "1020920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020920" - }, - { - "name" : "32042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32042" - }, - { - "name" : "32025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32025" - }, - { - "name" : "32092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32092" - }, - { - 
"name" : "32144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32144" - }, - { - "name" : "32044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32044" - }, - { - "name" : "32082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32082" - }, - { - "name" : "32845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32845" - }, - { - "name" : "31984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31984" - }, - { - "name" : "31985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31985" - }, - { - "name" : "32007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32007" - }, - { - "name" : "32010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32010" - }, - { - "name" : "32012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32012" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - }, - { - "name" : "firefox-htmlparser-security-bypass(45358)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a \"jav�ascript\" sequence, aka \"HTML escaped low surrogates bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html", + "refsource": 
"CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html" + }, + { + "name": "32025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32025" + }, + { + "name": "SSA:2008-269-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232" + }, + { + "name": "oval:org.mitre.oval:def:8880", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8880" + }, + { + "name": "1020920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020920" + }, + { + "name": "JVNDB-2011-000058", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000058.html" + }, + { + "name": "FEDORA-2008-8401", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html" + }, + { + "name": "USN-645-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-645-1" + }, + { + "name": "http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/", + "refsource": "MISC", + "url": "http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/" + }, + { + "name": "MDVSA-2008:206", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206" + }, + { + "name": "32144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32144" + }, + { + "name": "32010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32010" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "USN-645-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-645-2" + }, + { + "name": "31346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31346" + }, + { + "name": "31985", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/31985" + }, + { + "name": "SUSE-SA:2008:050", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html" + }, + { + "name": "31984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31984" + }, + { + "name": "32185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32185" + }, + { + "name": "32196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32196" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=448166", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=448166" + }, + { + "name": "firefox-htmlparser-security-bypass(45358)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45358" + }, + { + "name": "DSA-1669", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1669" + }, + { + "name": "32042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32042" + }, + { + "name": "ADV-2008-2661", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2661" + }, + { + "name": "SSA:2008-269-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "32092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32092" + }, + { + "name": "MDVSA-2008:205", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205" + }, + { + "name": "http://download.novell.com/Download?buildid=WZXONb-tqBw~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=WZXONb-tqBw~" + }, + { + "name": "FEDORA-2008-8429", + "refsource": "FEDORA", + "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html" + }, + { + "name": "JVN#96950482", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN96950482/index.html" + }, + { + "name": "USN-647-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-647-1" + }, + { + "name": "32007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32007" + }, + { + "name": "RHSA-2008:0882", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0882.html" + }, + { + "name": "32845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32845" + }, + { + "name": "http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx" + }, + { + "name": "DSA-1649", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1649" + }, + { + "name": "32012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32012" + }, + { + "name": "SSA:2008-270-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123" + }, + { + "name": "32044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32044" + }, + { + "name": "RHSA-2008:0908", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0908.html" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + }, + { + "name": "32082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32082" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4597.json b/2008/4xxx/CVE-2008-4597.json index 930b8bbbbc3..a6dd506fc09 100644 --- a/2008/4xxx/CVE-2008-4597.json +++ b/2008/4xxx/CVE-2008-4597.json 
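Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com`, the only value change in a hunk that otherwise re-indents and reorders the 44 references; a change to record ownership is easy to miss inside a formatting pass and would be better in its own commit, or at least named in the commit description. Separately, the demonstration string in the description reads `jav�ascript` on both the old and new side: the character between `jav` and `ascript` is U+FFFD, so the HTML-escaped low surrogate the sentence refers to appears to have been lost, possibly only in how this page was rendered. If the stored file holds the same replacement character, the escaped sequence should be restored from the upstream record so the description still says what input the parser ignored.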
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/321758", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/321758" - }, - { - "name" : "32285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32285" - }, - { - "name" : "shindigintegrator-unspec-priv-escalation(46069)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32285" + }, + { + "name": "http://drupal.org/node/321758", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/321758" + }, + { + "name": "shindigintegrator-unspec-priv-escalation(46069)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46069" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4715.json b/2008/4xxx/CVE-2008-4715.json index 89a17ff5a42..b14e98c76dc 100644 --- a/2008/4xxx/CVE-2008-4715.json +++ b/2008/4xxx/CVE-2008-4715.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5493", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5493" - }, - { - "name" : "28923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28923" - }, - { - "name" : "4485", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4485" - }, - { - "name" : "jpad-index-sql-injection(41983)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jpad-index-sql-injection(41983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41983" + }, + { + "name": "28923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28923" + }, + { + "name": "5493", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5493" + }, + { + "name": "4485", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4485" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6543.json b/2008/6xxx/CVE-2008-6543.json index 2cbef2e3407..609133c17f0 100644 --- a/2008/6xxx/CVE-2008-6543.json +++ b/2008/6xxx/CVE-2008-6543.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3 (10) sign-up.php3, (11) update.php3, (12) userSet.php3, and (13) verify.php3 in controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) include/adminHead.inc, (35) include/usersHead.inc, and (36) style/default.scheme.inc." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/28417/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/28417/exploit" - }, - { - "name" : "28417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28417" - }, - { - "name" : "quickclassifieds-documentroot-file-include(42469)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3 (10) sign-up.php3, (11) update.php3, (12) userSet.php3, and (13) verify.php3 in controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) 
include/adminHead.inc, (35) include/usersHead.inc, and (36) style/default.scheme.inc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quickclassifieds-documentroot-file-include(42469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42469" + }, + { + "name": "http://www.securityfocus.com/bid/28417/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/28417/exploit" + }, + { + "name": "28417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28417" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6568.json b/2008/6xxx/CVE-2008-6568.json index 18acf1cafe6..84e24d82457 100644 --- a/2008/6xxx/CVE-2008-6568.json +++ b/2008/6xxx/CVE-2008-6568.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the envoyer feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28355" - }, - { - "name" : "yehe-envoyer-file-upload(42279)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct 
request to the file in the envoyer feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "yehe-envoyer-file-upload(42279)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42279" + }, + { + "name": "28355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28355" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2380.json b/2013/2xxx/CVE-2013-2380.json index a07af9ba4f3..835d293f6c4 100644 --- a/2013/2xxx/CVE-2013-2380.json +++ b/2013/2xxx/CVE-2013-2380.json 
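Review bot: The new side of CVE-2008-6568.json ends with `\ No newline at end of file`, so this rewrite drops the trailing newline that the old side still had; the same marker closes every other hunk visible in this part of the commit. Line-oriented tooling that concatenates or appends to these records will run the closing `}` into whatever follows, and any later edit to the last line shows up as a two-line change. I would have the serializer write a final `\n` after the closing `}`.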
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle JRockit component 
in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2523.json b/2013/2xxx/CVE-2013-2523.json index 3058a83567c..82ac8e7512d 100644 --- a/2013/2xxx/CVE-2013-2523.json +++ b/2013/2xxx/CVE-2013-2523.json 
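Review bot: `"ASSIGNER": "secalert_us@oracle.com"` replaces `cve@mitre.org` in this hunk, which changes the CNA attribution inside what is otherwise a whitespace normalisation of CVE-2013-2380.json. The same happens in CVE-2013-2781.json (`ics-cert@hq.dhs.gov`), CVE-2013-2864.json (`security@google.com`) and CVE-2013-6685.json (`psirt@cisco.com`). Consumers that filter or weight records by ASSIGNER will see these four records move to a different source, and a reviewer skimming a formatting commit is likely to miss that. I would land the ASSIGNER edits separately from the reformat, or at least list the affected IDs in the commit message.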
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2523", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2523", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2781.json b/2013/2xxx/CVE-2013-2781.json index deca4116805..850583fa07f 100644 --- a/2013/2xxx/CVE-2013-2781.json +++ b/2013/2xxx/CVE-2013-2781.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-2781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-142-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-142-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-142-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-142-01" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2864.json b/2013/2xxx/CVE-2013-2864.json index 7e128d82d3b..d6075ab59cd 100644 --- a/2013/2xxx/CVE-2013-2864.json +++ b/2013/2xxx/CVE-2013-2864.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=239134", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=239134" - }, - { - "name" : "oval:org.mitre.oval:def:16736", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16736" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16736", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16736" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=239134", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=239134" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6601.json b/2013/6xxx/CVE-2013-6601.json index beac619966e..96c1342f6ff 100644 --- a/2013/6xxx/CVE-2013-6601.json +++ b/2013/6xxx/CVE-2013-6601.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6601", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6601", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6685.json b/2013/6xxx/CVE-2013-6685.json index 87d0fc509af..61f42bec6a9 100644 --- a/2013/6xxx/CVE-2013-6685.json +++ b/2013/6xxx/CVE-2013-6685.json 
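Review bot: The top-level keys of this REJECT record are rewritten in the order `data_type`, `data_format`, `data_version`, `CVE_data_meta`, with `ID` ahead of `ASSIGNER`, while the PUBLIC and RESERVED records in this commit keep `CVE_data_meta` first and `ASSIGNER` ahead of `ID`. CVE-2013-7168.json gets the same reordering. Key order carries no meaning in JSON, but two layouts in one normalisation pass suggest the records went through different serializers, and any tool that hashes or byte-compares records will report spurious differences. I would emit every record in one fixed order, for example keeping `"CVE_data_meta": {` first as the other files do.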
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131112 Cisco Unified IP Phone 8900/9900 Series Insecure File Permissions Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131112 Cisco Unified IP Phone 8900/9900 Series Insecure File Permissions Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6685" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7168.json b/2013/7xxx/CVE-2013-7168.json index cdf087cacd8..2b3ad419de0 100644 --- a/2013/7xxx/CVE-2013-7168.json +++ b/2013/7xxx/CVE-2013-7168.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7168", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-7168", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10269.json b/2017/10xxx/CVE-2017-10269.json index 0203a518bf1..2ff2c187ac3 100644 --- a/2017/10xxx/CVE-2017-10269.json +++ b/2017/10xxx/CVE-2017-10269.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tuxedo", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. 
While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tuxedo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html" - }, - { - "name" : "101841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. 
While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html" + }, + { + "name": "101841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101841" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10580.json b/2017/10xxx/CVE-2017-10580.json index 3e2f25d6212..15e2e68b706 100644 --- a/2017/10xxx/CVE-2017-10580.json +++ b/2017/10xxx/CVE-2017-10580.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10580", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10580", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10582.json b/2017/10xxx/CVE-2017-10582.json index f4a1334c079..0ece3c6e53d 100644 --- a/2017/10xxx/CVE-2017-10582.json +++ b/2017/10xxx/CVE-2017-10582.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10582", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10582", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10972.json b/2017/10xxx/CVE-2017-10972.json index 4acb062a168..9dd1e6bde6e 100644 --- a/2017/10xxx/CVE-2017-10972.json +++ b/2017/10xxx/CVE-2017-10972.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1035283", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1035283" - }, - { - "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced", - "refsource" : "MISC", - "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced" - }, - { - "name" : "DSA-3905", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3905" - }, - { - "name" : "99543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3905", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3905" + }, + { + "name": "99543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99543" + }, + { + "name": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced", + "refsource": "MISC", + "url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1035283", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1035283" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14045.json b/2017/14xxx/CVE-2017-14045.json index 431fc209646..8bc362c3feb 100644 --- a/2017/14xxx/CVE-2017-14045.json +++ b/2017/14xxx/CVE-2017-14045.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14045", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14045", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14134.json b/2017/14xxx/CVE-2017-14134.json index 707bb775768..d1779b2430a 100644 --- a/2017/14xxx/CVE-2017-14134.json +++ b/2017/14xxx/CVE-2017-14134.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.openbugbounty.org/reports/286688/", - "refsource" : "MISC", - "url" : "https://www.openbugbounty.org/reports/286688/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.openbugbounty.org/reports/286688/", + "refsource": "MISC", + "url": "https://www.openbugbounty.org/reports/286688/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14537.json b/2017/14xxx/CVE-2017-14537.json index bc9637ce6bb..ff983e942f0 100644 --- a/2017/14xxx/CVE-2017-14537.json +++ b/2017/14xxx/CVE-2017-14537.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/", - "refsource" : "MISC", - "url" : "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/" - }, - { - "name" : "103007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103007" + }, + { + "name": "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/", + "refsource": "MISC", + "url": "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14596.json b/2017/14xxx/CVE-2017-14596.json index 73c8886e71e..b9917853cdd 100644 --- a/2017/14xxx/CVE-2017-14596.json +++ b/2017/14xxx/CVE-2017-14596.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/", - "refsource" : "MISC", - "url" : "https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/" - }, - { - "name" : "https://developer.joomla.org/security-centre/711-20170902-core-ldap-information-disclosure", - "refsource" : "CONFIRM", - "url" : "https://developer.joomla.org/security-centre/711-20170902-core-ldap-information-disclosure" - }, - { - "name" : "100898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100898" - }, - { - "name" : "1039407", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://developer.joomla.org/security-centre/711-20170902-core-ldap-information-disclosure", + "refsource": "CONFIRM", + "url": "https://developer.joomla.org/security-centre/711-20170902-core-ldap-information-disclosure" + }, + { + "name": "https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/", + "refsource": "MISC", + "url": "https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/" + }, + { + "name": "1039407", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039407" + }, + { + "name": "100898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100898" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15258.json b/2017/15xxx/CVE-2017-15258.json index 90323b65035..e9d034b4257 100644 --- a/2017/15xxx/CVE-2017-15258.json +++ b/2017/15xxx/CVE-2017-15258.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a \"Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15258", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a \"Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c.\"" + } + ] + }, + "problemtype": { + 
"problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15258", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15258" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15530.json b/2017/15xxx/CVE-2017-15530.json index ced689bc5a9..75f1840afcf 100644 --- a/2017/15xxx/CVE-2017-15530.json +++ b/2017/15xxx/CVE-2017-15530.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2017-12-13T00:00:00", - "ID" : "CVE-2017-15530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Norton Family Android App", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 4.4.1.10" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2017-12-13T00:00:00", + "ID": "CVE-2017-15530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Norton Family Android App", + "version": { + "version_data": [ + { + "version_value": "Prior to 4.4.1.10" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00" - }, - { - "name" : "102120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00" + }, + { + "name": "102120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102120" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9389.json b/2017/9xxx/CVE-2017-9389.json index 72722c61408..77fe6cbace9 100644 --- a/2017/9xxx/CVE-2017-9389.json +++ b/2017/9xxx/CVE-2017-9389.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9389", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9389", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/9xxx/CVE-2017-9572.json b/2017/9xxx/CVE-2017-9572.json index 34f3bef626e..525a21688a1 100644 --- a/2017/9xxx/CVE-2017-9572.json +++ b/2017/9xxx/CVE-2017-9572.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9787.json b/2017/9xxx/CVE-2017-9787.json index 60142be7f89..2b571370e38 100644 --- a/2017/9xxx/CVE-2017-9787.json +++ b/2017/9xxx/CVE-2017-9787.json 
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-07-13T00:00:00", - "ID" : "CVE-2017-9787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Struts", - "version" : { - "version_data" : [ - { - "version_value" : "2.3.x prior to 2.3.33" - }, - { - "version_value" : "2.5 to 2.5.10.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS Attack" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-07-13T00:00:00", + "ID": "CVE-2017-9787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Struts", + "version": { + "version_data": [ + { + "version_value": "2.3.x prior to 2.3.33" + }, + { + "version_value": "2.5 to 2.5.10.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announcements] 20170713 Apache Struts 2.5.12 GA with Security Fixes Release", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E" - }, - { - "name" : "[announcements] 20170810 [ANN] Apache Struts: S2-049 Security Bulletin update", - "refsource" : "MLIST", - "url" : 
"https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E" - }, - { - "name" : "http://struts.apache.org/docs/s2-049.html", - "refsource" : "CONFIRM", - "url" : "http://struts.apache.org/docs/s2-049.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180706-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180706-0002/" - }, - { - "name" : "99562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99562" - }, - { - "name" : "1039115", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS Attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" + }, + { + "name": "1039115", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039115" + }, + { + "name": "[announcements] 20170810 [ANN] Apache Struts: S2-049 Security Bulletin update", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E" + }, + { + "name": "99562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99562" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180706-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180706-0002/" + }, + { + "name": "http://struts.apache.org/docs/s2-049.html", + "refsource": "CONFIRM", + "url": "http://struts.apache.org/docs/s2-049.html" + }, + { + "name": "[announcements] 20170713 Apache Struts 2.5.12 GA with Security Fixes Release", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9793.json b/2017/9xxx/CVE-2017-9793.json index a85ea7d8056..4a8ad6daafe 100644 --- a/2017/9xxx/CVE-2017-9793.json +++ b/2017/9xxx/CVE-2017-9793.json 
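Review bot: The `reference_data` array is emitted in a different order from the old side, in a commit that otherwise only normalises whitespace. The old grouping (MLIST, CONFIRM, BID, SECTRACK) comes out interleaved with no sort key visible in the hunk. A reviewer therefore cannot confirm by eye that every `url` is unchanged, which matters for a feed that downstream scanners trust. If the order is not meaningful, the writer should sort the entries by a stable key such as `url` so that future diffs show only real content changes. If the order is meaningful, it should be kept as it was. The same reordering shows in the hunks for CVE-2017-14537, CVE-2017-14596 and CVE-2017-9793.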
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-9793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Struts", - "version" : { - "version_data" : [ - { - "version_value" : "2.3.7 - 2.3.33" - }, - { - "version_value" : "2.5 - 2.5.12" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-9793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Struts", + "version": { + "version_data": [ + { + "version_value": "2.3.7 - 2.3.33" + }, + { + "version_value": "2.5 - 2.5.12" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://struts.apache.org/docs/s2-051.html", - "refsource" : "CONFIRM", - "url" : "https://struts.apache.org/docs/s2-051.html" - }, - { - "name" : "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm", - "refsource" : "CONFIRM", - "url" : 
"http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180629-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180629-0001/" - }, - { - "name" : "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2" - }, - { - "name" : "100611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100611" - }, - { - "name" : "1039262", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" + }, + { + "name": "1039262", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039262" + }, + { + "name": "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2" + }, + { + "name": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm", + "refsource": "CONFIRM", + "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180629-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180629-0001/" + }, + { + "name": "https://struts.apache.org/docs/s2-051.html", + "refsource": "CONFIRM", + "url": "https://struts.apache.org/docs/s2-051.html" + }, + { + "name": "100611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100611" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9823.json b/2017/9xxx/CVE-2017-9823.json index 7a5083ab8a2..a6f946fd9cc 100644 --- a/2017/9xxx/CVE-2017-9823.json +++ b/2017/9xxx/CVE-2017-9823.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9823", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9823", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0434.json b/2018/0xxx/CVE-2018-0434.json index 1a51bca7b80..fcc9c4d4eea 100644 --- a/2018/0xxx/CVE-2018-0434.json +++ b/2018/0xxx/CVE-2018-0434.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-05T16:00:00-0500", - "ID" : "CVE-2018-0434", - "STATE" : "PUBLIC", - "TITLE" : "Cisco SD-WAN Solution Certificate Validation Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco SD-WAN Solution ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "8.1", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-05T16:00:00-0500", + "ID": "CVE-2018-0434", + "STATE": "PUBLIC", + "TITLE": "Cisco SD-WAN Solution Certificate Validation Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco SD-WAN Solution ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180905 Cisco SD-WAN Solution Certificate Validation Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation" - }, - { - "name" : "105294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105294" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180905-sd-wan-validation", - "defect" : [ - [ - "CSCvi69940" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180905 Cisco SD-WAN Solution Certificate Validation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation" + }, + { + "name": "105294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105294" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180905-sd-wan-validation", + "defect": [ + [ + "CSCvi69940" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0515.json b/2018/0xxx/CVE-2018-0515.json index f4d98bdf7c5..2b2df8f66a8 100644 --- a/2018/0xxx/CVE-2018-0515.json +++ b/2018/0xxx/CVE-2018-0515.json 
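Review bot: The new side still has a trailing space inside the product name, `"product_name": "Cisco SD-WAN Solution "`, so a consumer that matches products by exact string will miss this record. Since the commit already rewrites every line, it could normalise the value to `"product_name": "Cisco SD-WAN Solution"`. The score is also kept as a string, `"baseScore": "8.1"`. If the record format permits a JSON number there, `"baseScore": 8.1` would spare consumers a parse step, but that should be checked against the schema before changing it.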
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "\"FLET'S Azukeru Backup Tool\"", - "version" : { - "version_data" : [ - { - "version_value" : "version 1.5.2.6 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in \"FLET'S Azukeru Backup Tool\" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "\"FLET'S Azukeru Backup Tool\"", + "version": { + "version_data": [ + { + "version_value": "version 1.5.2.6 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://flets.com/azukeru/login/news/info_180213.html", - "refsource" : "MISC", - "url" : "https://flets.com/azukeru/login/news/info_180213.html" - }, - { - "name" : "JVN#04564808", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN04564808/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in \"FLET'S Azukeru Backup 
Tool\" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://flets.com/azukeru/login/news/info_180213.html", + "refsource": "MISC", + "url": "https://flets.com/azukeru/login/news/info_180213.html" + }, + { + "name": "JVN#04564808", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN04564808/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0953.json b/2018/0xxx/CVE-2018-0953.json index 3857a75f855..b43a907a80d 100644 --- a/2018/0xxx/CVE-2018-0953.json +++ b/2018/0xxx/CVE-2018-0953.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-0953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44694", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44694/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0953", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0953" - }, - { - "name" : "103990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103990" - }, - { - "name" : "1040844", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040844" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103990" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0953", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0953" + }, + { + "name": "44694", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44694/" + }, + { + "name": "1040844", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040844" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000117.json b/2018/1000xxx/CVE-2018-1000117.json index 0e61223fcbf..62d019a85c3 100644 --- a/2018/1000xxx/CVE-2018-1000117.json +++ b/2018/1000xxx/CVE-2018-1000117.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "3/5/2018 11:30:13", - "ID" : "CVE-2018-1000117", - "REQUESTER" : "steve.dower@python.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CPython", - "version" : { - "version_data" : [ - { - "version_value" : "From 3.2 until 3.6.4 on Windows" - } - ] - } - } - ] - }, - "vendor_name" : "Python Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "3/5/2018 11:30:13", + "ID": "CVE-2018-1000117", + "REQUESTER": "steve.dower@python.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.python.org/issue33001", - "refsource" : "CONFIRM", - "url" : "https://bugs.python.org/issue33001" - }, - { - "name" : "https://github.com/python/cpython/pull/5989", - "refsource" : "CONFIRM", - "url" : "https://github.com/python/cpython/pull/5989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/python/cpython/pull/5989", + "refsource": "CONFIRM", + "url": "https://github.com/python/cpython/pull/5989" + }, + { + "name": "https://bugs.python.org/issue33001", + "refsource": "CONFIRM", + "url": "https://bugs.python.org/issue33001" + } + ] + } +} \ No newline at end of file 
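Review bot: Structured affected-product data is lost on the new side of this hunk: `"product_name": "CPython"`, `"version_value": "From 3.2 until 3.6.4 on Windows"` and `"vendor_name": "Python Software Foundation"` all become `"n/a"`, and the problemtype value `"Buffer Overflow"` becomes `"n/a"`, in a commit that otherwise looks like a whitespace and ordering normalisation. Consumers that match records to installed software by vendor and product, or triage by weakness class, can then recover this only from the free-text description. The same loss appears in the hunks for CVE-2018-1000178 (`"CWE-120: heap corruption"`), CVE-2018-1000408 (`"CWE-400"`) and CVE-2018-1000611 (`"Cross Site Scripting (XSS)"`), each alongside an ASSIGNER change to `cve@mitre.org`. I would keep the original values in all four records, or, if the reset is intentional, state that in the commit message.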
diff --git a/2018/1000xxx/CVE-2018-1000178.json b/2018/1000xxx/CVE-2018-1000178.json index 4519aa66c82..ea1e56d6dfe 100644 --- a/2018/1000xxx/CVE-2018-1000178.json +++ b/2018/1000xxx/CVE-2018-1000178.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-04-30T20:15:49.357909", - "DATE_REQUESTED" : "2018-04-23T00:00:00", - "ID" : "CVE-2018-1000178", - "REQUESTER" : "nongiach@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "quasselcore, quasselclient", - "version" : { - "version_data" : [ - { - "version_value" : "0.12.4>version" - } - ] - } - } - ] - }, - "vendor_name" : "quassel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-120: heap corruption" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-04-30T20:15:49.357909", + "DATE_REQUESTED": "2018-04-23T00:00:00", + "ID": "CVE-2018-1000178", + "REQUESTER": "nongiach@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html" - }, - { - "name" : "https://i.imgur.com/JJ4QcNq.png", - "refsource" : "MISC", - "url" : "https://i.imgur.com/JJ4QcNq.png" - }, - { - "name" : 
"https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62", - "refsource" : "CONFIRM", - "url" : "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62" - }, - { - "name" : "DSA-4189", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4189" - }, - { - "name" : "GLSA-201806-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201806-04" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4189", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4189" + }, + { + "name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html" + }, + { + "name": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62", + "refsource": "CONFIRM", + "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62" + }, + { + "name": "GLSA-201806-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201806-04" + }, + { + "name": "https://i.imgur.com/JJ4QcNq.png", + "refsource": "MISC", + "url": "https://i.imgur.com/JJ4QcNq.png" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/1000xxx/CVE-2018-1000408.json b/2018/1000xxx/CVE-2018-1000408.json index 033412cbfc2..940a952b86b 100644 --- a/2018/1000xxx/CVE-2018-1000408.json +++ b/2018/1000xxx/CVE-2018-1000408.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-12-28T04:34:37.678236", - "ID" : "CVE-2018-1000408", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "2.145 and earlier, LTS 2.138.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-12-28T04:34:37.678236", + "ID": "CVE-2018-1000408", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1128", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1128" - }, - { - "name" : "106532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1128", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1128" + }, + { + "name": "106532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106532" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/1000xxx/CVE-2018-1000611.json b/2018/1000xxx/CVE-2018-1000611.json index 11f98fc7f34..2307c8d2a4e 100644 --- a/2018/1000xxx/CVE-2018-1000611.json +++ b/2018/1000xxx/CVE-2018-1000611.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-08T15:52:41.187352", - "DATE_REQUESTED" : "2018-07-04T21:50:39", - "ID" : "CVE-2018-1000611", - "REQUESTER" : "andrewklaus@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenConext EngineBlock", - "version" : { - "version_data" : [ - { - "version_value" : "5.7.0 to 5.7.3" - } - ] - } - } - ] - }, - "vendor_name" : "SURFnet" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross Site Scripting (XSS) vulnerability that can result in Allows an attacker to inject arbitrary web scripts or HTML into help and login pages. This attack appear to be exploitable via the victim opening a specially crafted URL." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-08T15:52:41.187352", + "DATE_REQUESTED": "2018-07-04T21:50:39", + "ID": "CVE-2018-1000611", + "REQUESTER": "andrewklaus@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OpenConext/OpenConext-engineblock/pull/563/files", - "refsource" : "CONFIRM", - "url" : "https://github.com/OpenConext/OpenConext-engineblock/pull/563/files" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross Site Scripting (XSS) vulnerability that can result in Allows an attacker to inject arbitrary web scripts or HTML into help and login pages. This attack appear to be exploitable via the victim opening a specially crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OpenConext/OpenConext-engineblock/pull/563/files", + "refsource": "CONFIRM", + "url": "https://github.com/OpenConext/OpenConext-engineblock/pull/563/files" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16070.json b/2018/16xxx/CVE-2018-16070.json index 3174e825cd8..9ac90084fa6 100644 --- a/2018/16xxx/CVE-2018-16070.json +++ b/2018/16xxx/CVE-2018-16070.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16070", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16070", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16605.json b/2018/16xxx/CVE-2018-16605.json index 16db89193ac..adb6a76fb89 100644 --- a/2018/16xxx/CVE-2018-16605.json +++ b/2018/16xxx/CVE-2018-16605.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.youtube.com/watch?v=BvZJ_e2BH_M&feature=youtu.be", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=BvZJ_e2BH_M&feature=youtu.be" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=BvZJ_e2BH_M&feature=youtu.be", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=BvZJ_e2BH_M&feature=youtu.be" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16864.json b/2018/16xxx/CVE-2018-16864.json index eb99892009a..b9a4b076b68 100644 --- a/2018/16xxx/CVE-2018-16864.json +++ b/2018/16xxx/CVE-2018-16864.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-16864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "systemd", - "version" : { - "version_data" : [ - { - "version_value" : "through v240" - } - ] - } - } - ] - }, - "vendor_name" : "The systemd Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.4/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-770" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-16864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "systemd", + "version": { + "version_data": [ + { + "version_value": "through v240" + } + ] + } + } + ] + }, + "vendor_name": "The systemd Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html" - }, - { - "name" : "https://www.qualys.com/2019/01/09/system-down/system-down.txt", - "refsource" : "MISC", - "url" : "https://www.qualys.com/2019/01/09/system-down/system-down.txt" - }, - 
{ - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190117-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190117-0001/" - }, - { - "name" : "DSA-4367", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4367" - }, - { - "name" : "GLSA-201903-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-07" - }, - { - "name" : "RHSA-2019:0049", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0049" - }, - { - "name" : "RHSA-2019:0204", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0204" - }, - { - "name" : "RHSA-2019:0271", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0271" - }, - { - "name" : "RHSA-2019:0342", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0342" - }, - { - "name" : "RHSA-2019:0361", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0361" - }, - { - "name" : "USN-3855-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3855-1/" - }, - { - "name" : "106523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.4/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106523" + }, + { + "name": "RHSA-2019:0342", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0342" + }, + { + "name": "[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html" + }, + { + "name": "DSA-4367", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4367" + }, + { + "name": "RHSA-2019:0204", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0204" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190117-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190117-0001/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864" + }, + { + "name": "https://www.qualys.com/2019/01/09/system-down/system-down.txt", + "refsource": "MISC", + "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt" + }, + { + "name": "USN-3855-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3855-1/" + }, + { + "name": "RHSA-2019:0049", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0049" + }, + { + "name": "RHSA-2019:0271", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0271" + }, + { + "name": "RHSA-2019:0361", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0361" + }, + { + "name": 
"GLSA-201903-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-07" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16989.json b/2018/16xxx/CVE-2018-16989.json index 575f1294a2f..046f55f25f4 100644 --- a/2018/16xxx/CVE-2018-16989.json +++ b/2018/16xxx/CVE-2018-16989.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16989", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16989", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4240.json b/2018/4xxx/CVE-2018-4240.json index 8b32f8b6ad9..5941cdc7965 100644 --- a/2018/4xxx/CVE-2018-4240.json +++ b/2018/4xxx/CVE-2018-4240.json 
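Review bot: The `impact` block kept on the new side of the CVE-2018-16864 hunk still carries a vector string with the base score prepended, `"vectorString": "7.4/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"`, which a CVSS v3.0 parser expecting the `CVSS:3.0/` prefix will presumably reject. Since the record is being rewritten anyway, I would split it into `"baseScore": "7.4"` and `"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"`. The `cvss` value here is also a doubly nested array, whereas the CVE-2018-0434 record in this same diff uses a plain object with `baseScore` and `version`; one shape across records would let consumers read severity without special cases.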
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2018-4240",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service via a crafted message."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2018-4240",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "45391",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/45391/"
- },
- {
- "name" : "https://support.apple.com/HT208848",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208848"
- },
- {
- "name" : "https://support.apple.com/HT208849",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208849"
- },
- {
- "name" : "https://support.apple.com/HT208850",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208850"
- },
- {
- "name" : "https://support.apple.com/HT208851",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208851"
- },
- {
- "name" : "1041027",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041027"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service via a crafted message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.apple.com/HT208850",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208850"
+ },
+ {
+ "name": "https://support.apple.com/HT208851",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208851"
+ },
+ {
+ "name": "1041027",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041027"
+ },
+ {
+ "name": "https://support.apple.com/HT208848",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208848"
+ },
+ {
+ "name": "https://support.apple.com/HT208849",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208849"
+ },
+ {
+ "name": "45391",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/45391/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4408.json b/2018/4xxx/CVE-2018-4408.json
index ec04fab0d0d..3c7539e8dce 100644
--- a/2018/4xxx/CVE-2018-4408.json
+++ b/2018/4xxx/CVE-2018-4408.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4408",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4408",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4548.json b/2018/4xxx/CVE-2018-4548.json
index 4313a0ebe51..bc0d746e14a 100644
--- a/2018/4xxx/CVE-2018-4548.json
+++ b/2018/4xxx/CVE-2018-4548.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4548",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4548",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4615.json b/2018/4xxx/CVE-2018-4615.json
index a7153b3b755..80d1d893de7 100644
--- a/2018/4xxx/CVE-2018-4615.json
+++ b/2018/4xxx/CVE-2018-4615.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4615",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4615",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file