From 63d70ea461d419c73e15a1b1ed31463150b209c3 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 22:08:03 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2004/1xxx/CVE-2004-1415.json | 150 +++----
2004/1xxx/CVE-2004-1551.json | 130 +++---
2008/0xxx/CVE-2008-0205.json | 150 +++----
2008/0xxx/CVE-2008-0331.json | 160 ++++----
2008/0xxx/CVE-2008-0469.json | 180 ++++-----
2008/0xxx/CVE-2008-0790.json | 170 ++++----
2008/0xxx/CVE-2008-0820.json | 180 ++++-----
2008/1xxx/CVE-2008-1236.json | 610 ++++++++++++++---------------
2008/3xxx/CVE-2008-3087.json | 140 +++----
2008/3xxx/CVE-2008-3093.json | 160 ++++----
2008/3xxx/CVE-2008-3329.json | 140 +++----
2008/3xxx/CVE-2008-3661.json | 150 +++----
2008/3xxx/CVE-2008-3813.json | 160 ++++----
2008/4xxx/CVE-2008-4134.json | 180 ++++-----
2008/4xxx/CVE-2008-4349.json | 150 +++----
2008/4xxx/CVE-2008-4385.json | 180 ++++-----
2008/4xxx/CVE-2008-4577.json | 280 ++++++-------
2008/4xxx/CVE-2008-4601.json | 150 +++----
2008/4xxx/CVE-2008-4663.json | 180 ++++-----
2008/4xxx/CVE-2008-4843.json | 34 +-
2008/7xxx/CVE-2008-7224.json | 150 +++----
2013/2xxx/CVE-2013-2375.json | 160 ++++----
2013/2xxx/CVE-2013-2381.json | 150 +++----
2013/2xxx/CVE-2013-2714.json | 34 +-
2013/3xxx/CVE-2013-3079.json | 120 +++---
2013/3xxx/CVE-2013-3367.json | 34 +-
2013/6xxx/CVE-2013-6018.json | 120 +++---
2013/6xxx/CVE-2013-6037.json | 130 +++---
2013/6xxx/CVE-2013-6610.json | 34 +-
2013/6xxx/CVE-2013-6853.json | 160 ++++----
2013/7xxx/CVE-2013-7342.json | 130 +++---
2013/7xxx/CVE-2013-7458.json | 210 +++++-----
2017/10xxx/CVE-2017-10147.json | 186 ++++-----
2017/10xxx/CVE-2017-10283.json | 180 ++++-----
2017/10xxx/CVE-2017-10320.json | 162 ++++----
2017/10xxx/CVE-2017-10854.json | 130 +++---
2017/14xxx/CVE-2017-14211.json | 34 +-
2017/14xxx/CVE-2017-14465.json | 122 +++---
2017/15xxx/CVE-2017-15381.json | 120 +++---
2017/15xxx/CVE-2017-15705.json | 182 ++++-----
2017/9xxx/CVE-2017-9014.json | 34 +-
2017/9xxx/CVE-2017-9179.json | 120 +++---
2017/9xxx/CVE-2017-9478.json | 120 +++---
2017/9xxx/CVE-2017-9971.json | 34 +-
2018/0xxx/CVE-2018-0200.json | 140 +++----
2018/0xxx/CVE-2018-0419.json | 142 +++----
2018/0xxx/CVE-2018-0456.json | 188 ++++-----
2018/0xxx/CVE-2018-0577.json | 130 +++---
2018/1000xxx/CVE-2018-1000531.json | 126 +++---
2018/16xxx/CVE-2018-16314.json | 120 +++---
2018/19xxx/CVE-2018-19067.json | 120 +++---
2018/19xxx/CVE-2018-19141.json | 130 +++---
2018/19xxx/CVE-2018-19309.json | 34 +-
2018/19xxx/CVE-2018-19681.json | 34 +-
2018/1xxx/CVE-2018-1024.json | 34 +-
2018/1xxx/CVE-2018-1642.json | 34 +-
2018/4xxx/CVE-2018-4084.json | 140 +++----
2018/4xxx/CVE-2018-4347.json | 34 +-
2018/4xxx/CVE-2018-4385.json | 34 +-
2018/4xxx/CVE-2018-4854.json | 138 +++----
60 files changed, 4034 insertions(+), 4034 deletions(-)
diff --git a/2004/1xxx/CVE-2004-1415.json b/2004/1xxx/CVE-2004-1415.json
index 52c1b6ac0cd..9241ca20e9c 100644
--- a/2004/1xxx/CVE-2004-1415.json
+++ b/2004/1xxx/CVE-2004-1415.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041222 2Bgal : 2.4 & 2.5.1 SQL injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110375900916558&w=2" - }, - { - "name" : "12083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12083" - }, - { - "name" : "13620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13620" - }, - { - "name" : "2bgal-dispalbum-sql-injection(18645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in (1) disp_album.php and 
possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2bgal-dispalbum-sql-injection(18645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18645" + }, + { + "name": "20041222 2Bgal : 2.4 & 2.5.1 SQL injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110375900916558&w=2" + }, + { + "name": "12083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12083" + }, + { + "name": "13620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13620" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1551.json b/2004/1xxx/CVE-2004-1551.json index 92578bfea7a..141eeb93827 100644 --- a/2004/1xxx/CVE-2004-1551.json +++ b/2004/1xxx/CVE-2004-1551.json 
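Review bot: The rewritten file loses its final newline (`\ No newline at end of file`) and re-emits the unchanged `reference_data` entries in a different order (the XF entry moves from last to first), which makes this sync hard to audit. The same two things recur in the CVE-2004-1551, CVE-2008-0205, CVE-2008-0331, CVE-2008-0469, CVE-2008-0790 and CVE-2008-0820 hunks. Because every line is also rewritten for the `" : "` to `": "` separator change, a substantive edit is easy to overlook; the CVE-2008-1236 hunk further down the page, for example, changes `ASSIGNER` from `cve@mitre.org` to `secalert@redhat.com`. The serializer should keep a stable reference order and end each file with a newline, and consumers of this feed should compare parsed records rather than text when checking what a sync changed.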
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040925 New XSS vulnerabilities in paFileDB 3.1 final", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109613031414184&w=2" - }, - { - "name" : "pafiledb-pafiledb-xss(17504)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pafiledb-pafiledb-xss(17504)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17504" + }, + { + "name": "20040925 New XSS vulnerabilities in paFileDB 3.1 final", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109613031414184&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0205.json b/2008/0xxx/CVE-2008-0205.json index 6dcd91688d3..a5750240343 100644 --- a/2008/0xxx/CVE-2008-0205.json +++ b/2008/0xxx/CVE-2008-0205.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485786/100/0/threaded" - }, - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" - }, - { - "name" : "http://websecurity.com.ua/1576/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/1576/" - }, - { - "name" : "3539", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/3539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" + }, + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" + }, + { + "name": "http://websecurity.com.ua/1576/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/1576/" + }, + { + "name": "3539", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3539" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0331.json b/2008/0xxx/CVE-2008-0331.json index 1f67f99aca1..fdea2004841 100644 --- a/2008/0xxx/CVE-2008-0331.json +++ b/2008/0xxx/CVE-2008-0331.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.funkwerk-ec.com/portal/downloadcenter/dateien/x2300/r7401p09/readme_741p9_en.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.funkwerk-ec.com/portal/downloadcenter/dateien/x2300/r7401p09/readme_741p9_en.pdf" - }, - { - "name" : "27314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27314" - }, - { - "name" : "42782", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42782" - }, - { - "name" : "28085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28085" - }, - { - "name" : "x2300-dns-dos(39731)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39731" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42782", + "refsource": "OSVDB", + "url": "http://osvdb.org/42782" + }, + { + "name": "x2300-dns-dos(39731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39731" + }, + { + "name": "27314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27314" + }, + { + "name": "28085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28085" + }, + { + "name": "http://www.funkwerk-ec.com/portal/downloadcenter/dateien/x2300/r7401p09/readme_741p9_en.pdf", + "refsource": "CONFIRM", + "url": "http://www.funkwerk-ec.com/portal/downloadcenter/dateien/x2300/r7401p09/readme_741p9_en.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0469.json b/2008/0xxx/CVE-2008-0469.json index a4048f192d6..1455f2df1d7 100644 --- a/2008/0xxx/CVE-2008-0469.json +++ b/2008/0xxx/CVE-2008-0469.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080124 Tiger PHP News System SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486961/100/0/threaded" - }, - { - "name" : "4984", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4984" - }, - { - "name" : "27445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27445" - }, - { - "name" : "ADV-2008-0312", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0312" - }, - { - "name" : "28641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28641" - }, - { - "name" : "3587", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3587" - }, - { - "name" : 
"tigerphpnewssystem-catid-sql-injection(39908)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0312", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0312" + }, + { + "name": "4984", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4984" + }, + { + "name": "tigerphpnewssystem-catid-sql-injection(39908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39908" + }, + { + "name": "27445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27445" + }, + { + "name": "20080124 Tiger PHP News System SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486961/100/0/threaded" + }, + { + "name": "28641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28641" + }, + { + "name": "3587", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3587" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0790.json b/2008/0xxx/CVE-2008-0790.json index 47dad46e51d..3efc1672e95 100644 --- a/2008/0xxx/CVE-2008-0790.json +++ b/2008/0xxx/CVE-2008-0790.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080212 Directory traversal and DoS in WinIPDS G52-33-021", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488015/100/0/threaded" - }, - { - "name" : "20080313 Re: Directory traversal and DoS in WinIPDS G52-33-021", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489499/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/winipds-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/winipds-adv.txt" - }, - { - "name" : "27757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27757" - }, - { - "name" : "28934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28934" - }, - { - "name" : "3658", - "refsource" : 
"SREASON", - "url" : "http://securityreason.com/securityalert/3658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27757" + }, + { + "name": "http://aluigi.altervista.org/adv/winipds-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/winipds-adv.txt" + }, + { + "name": "3658", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3658" + }, + { + "name": "20080212 Directory traversal and DoS in WinIPDS G52-33-021", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488015/100/0/threaded" + }, + { + "name": "28934", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28934" + }, + { + "name": "20080313 Re: Directory traversal and DoS in WinIPDS G52-33-021", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489499/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0820.json b/2008/0xxx/CVE-2008-0820.json index 0985591f02c..120be048d61 100644 --- a/2008/0xxx/CVE-2008-0820.json +++ b/2008/0xxx/CVE-2008-0820.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER['PHP_SELF'], and \"This is not an Etomite specific exploit and I would like the report rescinded.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080214 etomite xss", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488122/100/0/threaded" - }, - { - "name" : "20080218 Re: etomite xss", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488304/100/100/threaded" - }, - { - "name" : "http://www.etomite.com/forums/index.php?showtopic=7647", - "refsource" : "MISC", - "url" : "http://www.etomite.com/forums/index.php?showtopic=7647" - }, - { - "name" : "27794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27794" - 
}, - { - "name" : "28964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28964" - }, - { - "name" : "3669", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3669" - }, - { - "name" : "etomite-index-xss(40525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER['PHP_SELF'], and \"This is not an Etomite specific exploit and I would like the report rescinded.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3669", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3669" + }, + { + "name": "20080218 Re: etomite xss", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488304/100/100/threaded" + }, + { + "name": "http://www.etomite.com/forums/index.php?showtopic=7647", + "refsource": "MISC", + "url": "http://www.etomite.com/forums/index.php?showtopic=7647" + }, + { + "name": "27794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27794" + }, + { + "name": "etomite-index-xss(40525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40525" + }, + { + "name": "28964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28964" + }, + { + "name": "20080214 etomite xss", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488122/100/0/threaded" + } + ] + } 
+} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1236.json b/2008/1xxx/CVE-2008-1236.json index accae621c0b..62559c69da3 100644 --- a/2008/1xxx/CVE-2008-1236.json +++ b/2008/1xxx/CVE-2008-1236.json 
@@ -1,307 +1,307 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-1236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080327 rPSA-2008-0128-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490196/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-15.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128" - }, - { - "name" : "DSA-1532", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1532" - }, - { - "name" : "DSA-1534", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1534" - }, - { - "name" : "DSA-1535", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1535" - }, - { - "name" : "DSA-1574", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1574" - }, - { - "name" : "FEDORA-2008-3519", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html" - }, - { - "name" : "FEDORA-2008-3557", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html" - }, - { - "name" : "GLSA-200805-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" - }, - { - "name" : "MDVSA-2008:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080" - }, - { - "name" : "MDVSA-2008:155", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" - }, - { - "name" : "RHSA-2008:0208", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0208.html" - }, - { - "name" : "RHSA-2008:0207", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0207.html" - }, - { - "name" : "RHSA-2008:0209", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0209.html" - }, - { - "name" : "SSA:2008-128-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313" - }, - { - "name" : "239546", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1" - }, - { - "name" : "238492", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" - }, - { - "name" : "SUSE-SA:2008:019", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html" - }, - { - "name" : "USN-592-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-592-1" - }, - { - "name" : "USN-605-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-605-1" - }, - { - "name" : "TA08-087A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-087A.html" - }, - { - "name" : "28448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28448" - }, - { - "name" : "oval:org.mitre.oval:def:11788", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11788" - }, - { - "name" : "ADV-2008-0999", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0999/references" - }, - { - "name" : "ADV-2008-0998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0998/references" - }, - { - "name" : "ADV-2008-2091", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2091/references" - }, - { - "name" : "ADV-2008-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1793/references" - }, - { - "name" : "1019695", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019695" - }, - { - "name" : "29391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29391" - }, - { - "name" : "29560", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29560" - }, - { - "name" : "29548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29548" - }, - { - "name" : "29550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29550" - }, - { - "name" : "29539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29539" - }, - { - "name" : "29558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29558" - }, - { - "name" : 
"29616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29616" - }, - { - "name" : "29526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29526" - }, - { - "name" : "29541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29541" - }, - { - "name" : "29547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29547" - }, - { - "name" : "29645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29645" - }, - { - "name" : "29607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29607" - }, - { - "name" : "30016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30016" - }, - { - "name" : "30094", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30094" - }, - { - "name" : "30327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30327" - }, - { - "name" : "30370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30370" - }, - { - "name" : "31043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31043" - }, - { - "name" : "30192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30192" - }, - { - "name" : "30620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30620" - }, - { - "name" : "30105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30105" - }, - { - "name" : "mozilla-layoutengine-code-execution(41445)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via 
unknown vectors related to the layout engine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080327 rPSA-2008-0128-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded" + }, + { + "name": "1019695", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019695" + }, + { + "name": "29541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29541" + }, + { + "name": "29539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29539" + }, + { + "name": "ADV-2008-0999", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0999/references" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-15.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-15.html" + }, + { + "name": "30620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30620" + }, + { + "name": "29560", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29560" + }, + { + "name": "DSA-1532", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1532" + }, + { + "name": "30327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30327" + }, + { + "name": "238492", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" + }, + { + "name": "USN-592-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-592-1" + }, + { + "name": "29616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29616" + }, + { + "name": "29550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29550" + }, + { + "name": "29645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29645" + }, + { + "name": "USN-605-1", + 
"refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-605-1" + }, + { + "name": "29607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29607" + }, + { + "name": "239546", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1" + }, + { + "name": "MDVSA-2008:155", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" + }, + { + "name": "ADV-2008-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1793/references" + }, + { + "name": "DSA-1574", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1574" + }, + { + "name": "29558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29558" + }, + { + "name": "29548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29548" + }, + { + "name": "30370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30370" + }, + { + "name": "RHSA-2008:0208", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0208.html" + }, + { + "name": "29526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29526" + }, + { + "name": "ADV-2008-2091", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2091/references" + }, + { + "name": "SUSE-SA:2008:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html" + }, + { + "name": "TA08-087A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html" + }, + { + "name": "29391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29391" + }, + { + "name": "30192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30192" + }, + { + "name": "SSA:2008-128-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313" + }, + 
{ + "name": "RHSA-2008:0209", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0209.html" + }, + { + "name": "28448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28448" + }, + { + "name": "RHSA-2008:0207", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0207.html" + }, + { + "name": "30016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30016" + }, + { + "name": "DSA-1534", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1534" + }, + { + "name": "FEDORA-2008-3519", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html" + }, + { + "name": "29547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29547" + }, + { + "name": "oval:org.mitre.oval:def:11788", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11788" + }, + { + "name": "30105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30105" + }, + { + "name": "30094", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30094" + }, + { + "name": "GLSA-200805-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128" + }, + { + "name": "mozilla-layoutengine-code-execution(41445)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41445" + }, + { + "name": "31043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31043" + }, + { + "name": "FEDORA-2008-3557", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html" + }, + { + "name": "ADV-2008-0998", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2008/0998/references" + }, + { + "name": "DSA-1535", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1535" + }, + { + "name": "MDVSA-2008:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3087.json b/2008/3xxx/CVE-2008-3087.json index 6a749271ea5..ba4e9346f98 100644 --- a/2008/3xxx/CVE-2008-3087.json +++ b/2008/3xxx/CVE-2008-3087.json 
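Review bot: The one substantive change in the CVE-2008-1236 hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org`, is buried in a rewrite of every line of the file (`"key" : ` becomes `"key": `, the indentation changes, and `reference_data` is reordered), and the commit subject does not mention it. The same applies to the CVE-2008-3813 hunk further down, where the assigner becomes `psirt@cisco.com`. I would land the formatting normalisation as its own commit and name the reassigned records in the description of the data commit, so that a change to the recorded assigning authority can be reviewed as such. The reordered `reference_data` entries follow no sort key visible here, so anything that tracks these records should compare parsed content rather than text or array position.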
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6007", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6007" - }, - { - "name" : "30946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30946" - }, - { - "name" : "kasselercms-index-file-include(43600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30946" + }, + { + "name": "6007", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6007" + }, + { + "name": "kasselercms-index-file-include(43600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43600" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3093.json b/2008/3xxx/CVE-2008-3093.json index 2523f88cf3f..6dd689febd0 100644 --- a/2008/3xxx/CVE-2008-3093.json +++ b/2008/3xxx/CVE-2008-3093.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the Upload_Avatar parameter and sending the image/gif content type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6008", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6008" - }, - { - "name" : "http://phplizardo.breizh-web.net/blog/2008/07/05/advisory-1-imperialbb", - "refsource" : "MISC", - "url" : "http://phplizardo.breizh-web.net/blog/2008/07/05/advisory-1-imperialbb" - }, - { - "name" : "30100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30100" - }, - { - "name" : "30939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30939" - }, - { - "name" : "imperialbb-avatar-file-upload(43608)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43608" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the Upload_Avatar parameter and sending the image/gif content type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30939" + }, + { + "name": "http://phplizardo.breizh-web.net/blog/2008/07/05/advisory-1-imperialbb", + "refsource": "MISC", + "url": "http://phplizardo.breizh-web.net/blog/2008/07/05/advisory-1-imperialbb" + }, + { + "name": "30100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30100" + }, + { + "name": "6008", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6008" + }, + { + "name": "imperialbb-avatar-file-upload(43608)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43608" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3329.json b/2008/3xxx/CVE-2008-3329.json index 214eb82f26a..122f9700898 100644 --- a/2008/3xxx/CVE-2008-3329.json +++ b/2008/3xxx/CVE-2008-3329.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Links before 2.1, when \"only proxies\" is enabled, has unknown impact and attack vectors related to providing \"URLs to external programs.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://links.twibright.com/download/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://links.twibright.com/download/ChangeLog" - }, - { - "name" : "30422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30422" - }, - { - "name" : "links-onlyproxies-unspecified(44035)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Links before 2.1, when \"only proxies\" is enabled, has unknown impact and attack vectors related to providing \"URLs to external programs.\"" + } + ] + }, + 
"problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://links.twibright.com/download/ChangeLog", + "refsource": "CONFIRM", + "url": "http://links.twibright.com/download/ChangeLog" + }, + { + "name": "links-onlyproxies-unspecified(44035)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44035" + }, + { + "name": "30422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30422" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3661.json b/2008/3xxx/CVE-2008-3661.json index ddbfc16cb05..4c88a1d196c 100644 --- a/2008/3xxx/CVE-2008-3661.json +++ b/2008/3xxx/CVE-2008-3661.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080920 drupal: Session hijacking vulnerability, CVE-2008-3661", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496575/100/0/threaded" - }, - { - "name" : "http://int21.de/cve/CVE-2008-3661-drupal.html", - "refsource" : "MISC", - "url" : "http://int21.de/cve/CVE-2008-3661-drupal.html" - }, - { - "name" : "31285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31285" - }, - { - "name" : "drupal-cookie-session-hijacking(45298)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31285" + }, + { + "name": "drupal-cookie-session-hijacking(45298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45298" + }, + { + "name": "http://int21.de/cve/CVE-2008-3661-drupal.html", + "refsource": "MISC", + "url": "http://int21.de/cve/CVE-2008-3661-drupal.html" + }, + { + "name": "20080920 drupal: Session hijacking vulnerability, CVE-2008-3661", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496575/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3813.json b/2008/3xxx/CVE-2008-3813.json index 31484fa92a2..4ac1c7c1385 100644 --- a/2008/3xxx/CVE-2008-3813.json +++ b/2008/3xxx/CVE-2008-3813.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-3813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080924 Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0157a.shtml" - }, - { - "name" : "oval:org.mitre.oval:def:5362", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5362" - }, - { - "name" : "ADV-2008-2670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2670" - }, - { - "name" : "1020938", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020938" - }, - { - "name" : "31990", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/31990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31990" + }, + { + "name": "oval:org.mitre.oval:def:5362", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5362" + }, + { + "name": "ADV-2008-2670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2670" + }, + { + "name": "1020938", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020938" + }, + { + "name": "20080924 Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0157a.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4134.json b/2008/4xxx/CVE-2008-4134.json index de871d4766d..3bd29abe389 100644 --- a/2008/4xxx/CVE-2008-4134.json +++ b/2008/4xxx/CVE-2008-4134.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6473", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6473" - }, - { - "name" : "http://php-realty.com/", - "refsource" : "CONFIRM", - "url" : "http://php-realty.com/" - }, - { - "name" : "31213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31213" - }, - { - "name" : "31874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31874" - }, - { - "name" : "4277", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4277" - }, - { - "name" : "ADV-2008-2611", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2611" - }, - { - "name" : "phprealty-view-file-include(45181)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phprealty-view-file-include(45181)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45181" + }, + { + "name": "ADV-2008-2611", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2611" + }, + { + "name": "http://php-realty.com/", + "refsource": "CONFIRM", + "url": "http://php-realty.com/" + }, + { + "name": "31213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31213" + }, + { + "name": "6473", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6473" + }, + { + "name": "4277", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4277" + }, + { + "name": "31874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31874" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4349.json b/2008/4xxx/CVE-2008-4349.json index a7ee601b266..63e477d5508 100644 --- a/2008/4xxx/CVE-2008-4349.json +++ b/2008/4xxx/CVE-2008-4349.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0809-exploits/paranews-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0809-exploits/paranews-xss.txt" - }, - { - "name" : "31152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31152" - }, - { - "name" : "31786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31786" - }, - { - "name" : "paranews-news-xss(45101)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site 
scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31786" + }, + { + "name": "paranews-news-xss(45101)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45101" + }, + { + "name": "31152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31152" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0809-exploits/paranews-xss.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0809-exploits/paranews-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4385.json b/2008/4xxx/CVE-2008-4385.json index 9cf1bc87f6c..87eed502332 100644 --- a/2008/4xxx/CVE-2008-4385.json +++ b/2008/4xxx/CVE-2008-4385.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2008-4385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081016 SEC Consult SA-20081016-0 :: Remote command execution in InstantExpert Analysis", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497400" - }, - { - "name" : "http://www.sec-consult.com/files/20081016-0_sysreqlab.txt", - "refsource" : "MISC", - "url" : "http://www.sec-consult.com/files/20081016-0_sysreqlab.txt" - }, - { - "name" : "http://www.systemrequirementslab.com/bulletins/security_bulletin_1.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.systemrequirementslab.com/bulletins/security_bulletin_1.html" - }, - { - "name" : "VU#166651", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/166651" - }, - { - "name" : "31752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31752" - }, - { - "name" : "32236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32236" - }, - { - "name" : "srl-activex-javaapplet-code-execution(45873)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32236" + }, + { + "name": "http://www.systemrequirementslab.com/bulletins/security_bulletin_1.html", + "refsource": "CONFIRM", + "url": "http://www.systemrequirementslab.com/bulletins/security_bulletin_1.html" + }, + { + "name": "http://www.sec-consult.com/files/20081016-0_sysreqlab.txt", + "refsource": "MISC", + "url": "http://www.sec-consult.com/files/20081016-0_sysreqlab.txt" + }, + { + "name": "31752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31752" + }, + { + "name": "VU#166651", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/166651" + }, + { + "name": "20081016 SEC Consult SA-20081016-0 :: Remote command execution in InstantExpert Analysis", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497400" + }, + { + "name": "srl-activex-javaapplet-code-execution(45873)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45873" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4577.json b/2008/4xxx/CVE-2008-4577.json index 1a167c4080b..b0149490410 100644 --- a/2008/4xxx/CVE-2008-4577.json +++ b/2008/4xxx/CVE-2008-4577.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-4577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Dovecot-news] 20081005 v1.1.4 released", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot-news/2008-October/000085.html" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=240409", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=240409" - }, - { - "name" : "FEDORA-2008-9202", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html" - }, - { - "name" : "FEDORA-2008-9232", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html" - }, - { - "name" : "GLSA-200812-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-16.xml" - 
}, - { - "name" : "MDVSA-2008:232", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:232" - }, - { - "name" : "RHSA-2009:0205", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0205.html" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "USN-838-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-838-1" - }, - { - "name" : "31587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31587" - }, - { - "name" : "oval:org.mitre.oval:def:10376", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376" - }, - { - "name" : "36904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36904" - }, - { - "name" : "ADV-2008-2745", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2745" - }, - { - "name" : "32164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32164" - }, - { - "name" : "33149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33149" - }, - { - "name" : "33624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33624" - }, - { - "name" : "32471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32164" + }, + { + "name": "32471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32471" + }, + { + "name": "33149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33149" + }, + { + "name": "ADV-2008-2745", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2745" + }, + { + "name": "FEDORA-2008-9202", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html" + }, + { + "name": "oval:org.mitre.oval:def:10376", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376" + }, + { + "name": "31587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31587" + }, + { + "name": "FEDORA-2008-9232", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html" + }, + { + "name": "MDVSA-2008:232", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:232" + }, + { + "name": "USN-838-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-838-1" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "GLSA-200812-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-16.xml" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=240409", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=240409" + }, + { + "name": "RHSA-2009:0205", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0205.html" + }, + { + 
"name": "33624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33624" + }, + { + "name": "[Dovecot-news] 20081005 v1.1.4 released", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot-news/2008-October/000085.html" + }, + { + "name": "36904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36904" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4601.json b/2008/4xxx/CVE-2008-4601.json index f79e2585550..838430a7dcb 100644 --- a/2008/4xxx/CVE-2008-4601.json +++ b/2008/4xxx/CVE-2008-4601.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0810-exploits/habaricms-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0810-exploits/habaricms-xss.txt" - }, - { - "name" : "31794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31794" - }, - { - "name" : "32311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32311" - }, - { - "name" : "habari-habariusername-xss(45951)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31794" + }, + { + "name": "habari-habariusername-xss(45951)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45951" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0810-exploits/habaricms-xss.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0810-exploits/habaricms-xss.txt" + }, + { + "name": "32311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32311" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4663.json b/2008/4xxx/CVE-2008-4663.json index 73fdeb42107..13195ed93ea 100644 --- a/2008/4xxx/CVE-2008-4663.json +++ b/2008/4xxx/CVE-2008-4663.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log Kaiseki (1) jcode.pl and (2) Jcode.pm, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kumacchi.com/cgiroom/cgis/accesslogex/accesslogex.html", - "refsource" : "CONFIRM", - "url" : "http://www.kumacchi.com/cgiroom/cgis/accesslogex/accesslogex.html" - }, - { - "name" : "http://www.kumacchi.com/cgiroom/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.kumacchi.com/cgiroom/index.html" - }, - { - "name" : "JVN#46869708", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN46869708/index.html" - }, - { - "name" : "JVN#72065744", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN72065744/index.html" - }, - { - "name" : "JVNDB-2008-000043", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000043.html" - }, - { - "name" : 
"JVNDB-2008-000044", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000044.html" - }, - { - "name" : "accesslogkaiseki-analysis-xss(46053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log Kaiseki (1) jcode.pl and (2) Jcode.pm, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kumacchi.com/cgiroom/index.html", + "refsource": "CONFIRM", + "url": "http://www.kumacchi.com/cgiroom/index.html" + }, + { + "name": "JVN#72065744", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN72065744/index.html" + }, + { + "name": "JVNDB-2008-000044", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000044.html" + }, + { + "name": "JVN#46869708", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN46869708/index.html" + }, + { + "name": "accesslogkaiseki-analysis-xss(46053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46053" + }, + { + "name": "http://www.kumacchi.com/cgiroom/cgis/accesslogex/accesslogex.html", + "refsource": "CONFIRM", + "url": "http://www.kumacchi.com/cgiroom/cgis/accesslogex/accesslogex.html" + }, + { + "name": "JVNDB-2008-000043", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000043.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4843.json b/2008/4xxx/CVE-2008-4843.json index fc54237eae0..d2136c392ce 100644 
--- a/2008/4xxx/CVE-2008-4843.json +++ b/2008/4xxx/CVE-2008-4843.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4843", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-4843", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7224.json b/2008/7xxx/CVE-2008-7224.json index 81366654564..adcc6df7f58 100644 --- a/2008/7xxx/CVE-2008-7224.json +++ b/2008/7xxx/CVE-2008-7224.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[elinks-users] 20080204 [ANNOUNCE] ELinks 0.11.4rc0", - "refsource" : "MLIST", - "url" : "http://linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347" - }, - { - "name" : "41949", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41949" - }, - { - "name" : "oval:org.mitre.oval:def:10126", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10126", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10126" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347" + }, + { + "name": "[elinks-users] 20080204 [ANNOUNCE] ELinks 0.11.4rc0", + "refsource": "MLIST", + "url": "http://linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html" + }, + { + "name": "41949", + "refsource": "OSVDB", + "url": "http://osvdb.org/41949" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2375.json b/2013/2xxx/CVE-2013-2375.json index bbbdd4e56b7..7a36b6e8c4b 100644 --- a/2013/2xxx/CVE-2013-2375.json +++ b/2013/2xxx/CVE-2013-2375.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "RHSA-2013:0772", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0772.html" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "RHSA-2013:0772", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0772.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2381.json b/2013/2xxx/CVE-2013-2381.json index 407d48de81a..21735576e89 100644 --- a/2013/2xxx/CVE-2013-2381.json +++ b/2013/2xxx/CVE-2013-2381.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2714.json b/2013/2xxx/CVE-2013-2714.json index 4cc1c0df452..8e447d69626 100644 --- a/2013/2xxx/CVE-2013-2714.json +++ b/2013/2xxx/CVE-2013-2714.json 
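Review bot: `reference_data` on the new side lists the same four entries in a different order (the SECUNIA entry moves from last to first), with no entry added or removed as far as the hunk shows. An order that changes between syncs makes every record look modified and makes a genuinely added or dropped reference hard to spot in review; emitting the array in a stable order (for example sorted by `refsource`, then `name`) would keep later diffs to real changes. The CVE-2013-2375, CVE-2013-6853, CVE-2013-7342, CVE-2013-7458 and CVE-2017-10147 hunks show the same reshuffling. The new file also ends without a trailing newline (`\ No newline at end of file`).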
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2714", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2714", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3079.json b/2013/3xxx/CVE-2013-3079.json index d4d55ba1229..bdae6f74278 100644 --- a/2013/3xxx/CVE-2013-3079.json +++ b/2013/3xxx/CVE-2013-3079.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2013-0006.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2013-0006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2013-0006.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2013-0006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3367.json b/2013/3xxx/CVE-2013-3367.json index 6afc88db9e7..bb7b6011542 100644 --- a/2013/3xxx/CVE-2013-3367.json +++ b/2013/3xxx/CVE-2013-3367.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3367", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3367", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6018.json b/2013/6xxx/CVE-2013-6018.json index ff2360a5e4e..98ea6ca6e03 100644 --- a/2013/6xxx/CVE-2013-6018.json +++ b/2013/6xxx/CVE-2013-6018.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-6018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#911678", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/911678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#911678", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/911678" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6037.json b/2013/6xxx/CVE-2013-6037.json index 543930e2c36..3190a9bf03c 100644 --- a/2013/6xxx/CVE-2013-6037.json +++ b/2013/6xxx/CVE-2013-6037.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-6037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#687278", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/687278" - }, - { - "name" : "66024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#687278", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/687278" + }, + { + "name": "66024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66024" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6610.json b/2013/6xxx/CVE-2013-6610.json index 0d4d1318f13..7a6b9594c63 100644 --- a/2013/6xxx/CVE-2013-6610.json +++ b/2013/6xxx/CVE-2013-6610.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6610", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6610", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6853.json b/2013/6xxx/CVE-2013-6853.json index 6433faa1679..c4727ba2b92 100644 --- a/2013/6xxx/CVE-2013-6853.json +++ b/2013/6xxx/CVE-2013-6853.json 
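Review bot: The new side of the CVE-2013-6610 record serialises its keys in a different order from the other records visible in this commit: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`. JSON parsers ignore key order, but anything that hashes, signs or diffs the raw file will treat it as a change; writing every record through one serializer with sorted keys would avoid that. The record content (`"STATE": "REJECT"` and the description text) is unchanged.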
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html", - "refsource" : "MISC", - "url" : "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html" - }, - { - "name" : "64971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64971" - }, - { - "name" : "102175", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102175" - }, - { - "name" : 
"yahootoolbar-clickstream-xss(90529)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64971" + }, + { + "name": "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html" + }, + { + "name": "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html", + "refsource": "MISC", + "url": "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html" + }, + { + "name": "102175", + "refsource": "OSVDB", + "url": "http://osvdb.org/102175" + }, + { + "name": "yahootoolbar-clickstream-xss(90529)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90529" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7342.json b/2013/7xxx/CVE-2013-7342.json index f8a7bc42ee1..207d8a66e8b 100644 --- a/2013/7xxx/CVE-2013-7342.json +++ b/2013/7xxx/CVE-2013-7342.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/flowplayer/flowplayer/commit/017f8c2a0865ab31e01d591adc43d34f2dd60e59", - "refsource" : "CONFIRM", - "url" : "https://github.com/flowplayer/flowplayer/commit/017f8c2a0865ab31e01d591adc43d34f2dd60e59" - }, - { - "name" : "https://github.com/flowplayer/flowplayer/issues/381", - "refsource" : "CONFIRM", - "url" : "https://github.com/flowplayer/flowplayer/issues/381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote 
attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/flowplayer/flowplayer/issues/381", + "refsource": "CONFIRM", + "url": "https://github.com/flowplayer/flowplayer/issues/381" + }, + { + "name": "https://github.com/flowplayer/flowplayer/commit/017f8c2a0865ab31e01d591adc43d34f2dd60e59", + "refsource": "CONFIRM", + "url": "https://github.com/flowplayer/flowplayer/commit/017f8c2a0865ab31e01d591adc43d34f2dd60e59" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7458.json b/2013/7xxx/CVE-2013-7458.json index 0a8c528d931..ec9e8cb64f6 100644 --- a/2013/7xxx/CVE-2013-7458.json +++ b/2013/7xxx/CVE-2013-7458.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2013-7458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460" - }, - { - "name" : "https://github.com/antirez/linenoise/issues/121", - "refsource" : "CONFIRM", - "url" : "https://github.com/antirez/linenoise/issues/121" - }, - { - "name" : "https://github.com/antirez/linenoise/pull/122", - "refsource" : "CONFIRM", - "url" : "https://github.com/antirez/linenoise/pull/122" - }, - { - "name" : "https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES", - "refsource" : "CONFIRM", - "url" : "https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES" - }, - { - "name" : "https://github.com/antirez/redis/issues/3284", - "refsource" : "CONFIRM", - 
"url" : "https://github.com/antirez/redis/issues/3284" - }, - { - "name" : "https://github.com/antirez/redis/pull/1418", - "refsource" : "CONFIRM", - "url" : "https://github.com/antirez/redis/pull/1418" - }, - { - "name" : "https://github.com/antirez/redis/pull/3322", - "refsource" : "CONFIRM", - "url" : "https://github.com/antirez/redis/pull/3322" - }, - { - "name" : "DSA-3634", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3634" - }, - { - "name" : "openSUSE-SU-2016:1980", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:1981", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00030.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/antirez/redis/pull/3322", + "refsource": "CONFIRM", + "url": "https://github.com/antirez/redis/pull/3322" + }, + { + "name": "openSUSE-SU-2016:1981", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00030.html" + }, + { + "name": "https://github.com/antirez/redis/pull/1418", + "refsource": "CONFIRM", + "url": "https://github.com/antirez/redis/pull/1418" + }, + { + "name": "https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES", + "refsource": "CONFIRM", + "url": "https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES" + }, + { + "name": "openSUSE-SU-2016:1980", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00029.html" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460" + }, + { + "name": "https://github.com/antirez/linenoise/issues/121", + "refsource": "CONFIRM", + "url": "https://github.com/antirez/linenoise/issues/121" + }, + { + "name": "https://github.com/antirez/linenoise/pull/122", + "refsource": "CONFIRM", + "url": "https://github.com/antirez/linenoise/pull/122" + }, + { + "name": "DSA-3634", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3634" + }, + { + "name": "https://github.com/antirez/redis/issues/3284", + "refsource": "CONFIRM", + "url": "https://github.com/antirez/redis/issues/3284" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10147.json b/2017/10xxx/CVE-2017-10147.json index 5ee8c35f7c7..1adc41c635d 100644 --- a/2017/10xxx/CVE-2017-10147.json +++ b/2017/10xxx/CVE-2017-10147.json 
@@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebLogic Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "10.3.6.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). NOTE: the previous information is from the July 2017 CPU. Oracle has not commented on third-party claims that this issue exists in the migrate functionality in the WebLogic/cluster/singleton/ServerMigrationCoordinator class and allows remote attackers to shutdown the server via a crafted T3 request." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.3.6.0" + }, + { + "version_affected": "=", + "version_value": "12.1.3.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.1" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/erpscan-17-041-unauthorized-container-shutdown-servermigrationcoordinator/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-17-041-unauthorized-container-shutdown-servermigrationcoordinator/" - }, - { - "name" : "https://github.com/vah13/OracleCVE/tree/master/CVE-2017-10147", - "refsource" : "MISC", - "url" : "https://github.com/vah13/OracleCVE/tree/master/CVE-2017-10147" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99651" - }, - { - "name" : "1038939", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id/1038939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). NOTE: the previous information is from the July 2017 CPU. Oracle has not commented on third-party claims that this issue exists in the migrate functionality in the WebLogic/cluster/singleton/ServerMigrationCoordinator class and allows remote attackers to shutdown the server via a crafted T3 request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99651" + }, + { + "name": "https://erpscan.io/advisories/erpscan-17-041-unauthorized-container-shutdown-servermigrationcoordinator/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-17-041-unauthorized-container-shutdown-servermigrationcoordinator/" + }, + { + "name": "1038939", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038939" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "https://github.com/vah13/OracleCVE/tree/master/CVE-2017-10147", + "refsource": "MISC", + "url": "https://github.com/vah13/OracleCVE/tree/master/CVE-2017-10147" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10283.json b/2017/10xxx/CVE-2017-10283.json index c5e6e8da328..88c5ef3529e 100644 --- a/2017/10xxx/CVE-2017-10283.json +++ b/2017/10xxx/CVE-2017-10283.json 
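Review bot: The `problemtype` value on the new side of CVE-2017-10147 repeats the impact sentences from the description instead of naming a weakness class, and the CVSS score and vector appear only inside the description prose. Consumers that triage by weakness type or severity have to parse free text to use this record. If the schema in use permits it, carry the vector in a structured field, e.g. `"impact": { "cvss": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } }`, and give `problemtype` a short class for the denial-of-service impact the text describes. Both values are unchanged by this commit apart from whitespace.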
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.37 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.7.19 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.37 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.7.19 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171019-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171019-0002/" - }, - { - "name" : "RHSA-2017:3265", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3265" - }, - { - "name" : "RHSA-2017:3442", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3442" - }, - { - "name" : "101420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101420" - }, - { - "name" : "1039597", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171019-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171019-0002/" + }, + { + "name": "RHSA-2017:3265", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3265" + }, + { + "name": "1039597", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039597" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "RHSA-2017:3442", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3442" + }, + { + "name": "101420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101420" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10320.json b/2017/10xxx/CVE-2017-10320.json index d1d5e50437b..c103b3175e5 100644 --- a/2017/10xxx/CVE-2017-10320.json +++ b/2017/10xxx/CVE-2017-10320.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.19 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.19 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171019-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171019-0002/" - }, - { - "name" : "RHSA-2017:3442", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3442" - }, - { - "name" : "101410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101410" - }, - { - "name" : "1039597", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171019-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171019-0002/" + }, + { + "name": "101410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101410" + }, + { + "name": "1039597", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039597" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "RHSA-2017:3442", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3442" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10854.json b/2017/10xxx/CVE-2017-10854.json index 1ce69d959b8..d34d941e365 100644 --- a/2017/10xxx/CVE-2017-10854.json +++ b/2017/10xxx/CVE-2017-10854.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CG-WGR1200", - "version" : { - "version_data" : [ - { - "version_value" : "firmware 2.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Corega Inc" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CG-WGR1200", + "version": { + "version_data": [ + { + "version_value": "firmware 2.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Corega Inc" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://corega.jp/support/security/20180309_wgr1200.htm", - "refsource" : "CONFIRM", - "url" : "http://corega.jp/support/security/20180309_wgr1200.htm" - }, - { - "name" : "JVN#15201064", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN15201064/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#15201064", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN15201064/index.html" + }, + { + "name": "http://corega.jp/support/security/20180309_wgr1200.htm", + "refsource": "CONFIRM", + "url": "http://corega.jp/support/security/20180309_wgr1200.htm" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14211.json b/2017/14xxx/CVE-2017-14211.json index 161fbaec0f8..0aef0476dd2 100644 --- a/2017/14xxx/CVE-2017-14211.json +++ b/2017/14xxx/CVE-2017-14211.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14211", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14211", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14465.json b/2017/14xxx/CVE-2017-14465.json index 45435a59fca..5398a72bde8 100644 --- a/2017/14xxx/CVE-2017-14465.json +++ b/2017/14xxx/CVE-2017-14465.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-03-28T00:00:00", - "ID" : "CVE-2017-14465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Allen Bradley", - "version" : { - "version_data" : [ - { - "version_value" : "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-03-28T00:00:00", + "ID": "CVE-2017-14465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Allen Bradley", + "version": { + "version_data": [ + { + "version_value": "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15381.json b/2017/15xxx/CVE-2017-15381.json index 7e902839ca2..9225d1dd314 100644 --- a/2017/15xxx/CVE-2017-15381.json +++ b/2017/15xxx/CVE-2017-15381.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42982", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42982/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42982", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42982/" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/15xxx/CVE-2017-15705.json b/2017/15xxx/CVE-2017-15705.json
index ec2d5fa0df8..401b7cad422 100644
--- a/2017/15xxx/CVE-2017-15705.json
+++ b/2017/15xxx/CVE-2017-15705.json
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-09-16T00:00:00", - "ID" : "CVE-2017-15705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache SpamAssassin", - "version" : { - "version_data" : [ - { - "version_value" : "all modern versions before 3.4.2" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the \"open\" event is immediately followed by a \"close\" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the \"text\" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-09-16T00:00:00", + "ID": "CVE-2017-15705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache SpamAssassin", + "version": { + "version_data": [ + { + "version_value": "all modern versions before 3.4.2" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E" - }, - { - "name" : "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" - }, - { - "name" : "GLSA-201812-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201812-07" - }, - { - "name" : "RHSA-2018:2916", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2916" - }, - { - "name" : "USN-3811-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3811-1/" - }, - { - "name" : "USN-3811-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3811-2/" - }, - { - "name" : "105347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. 
The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the \"open\" event is immediately followed by a \"close\" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the \"text\" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3811-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3811-2/" + }, + { + "name": "USN-3811-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3811-1/" + }, + { + "name": "GLSA-201812-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201812-07" + }, + { + "name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E" + }, + { + "name": "RHSA-2018:2916", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2916" + }, + { + "name": "105347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105347" + }, + { + 
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9014.json b/2017/9xxx/CVE-2017-9014.json index dcedf8e17c0..a9267460dd2 100644 --- a/2017/9xxx/CVE-2017-9014.json +++ b/2017/9xxx/CVE-2017-9014.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9014", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9014", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9179.json b/2017/9xxx/CVE-2017-9179.json index c49bd8e4f45..e7cd53f245c 100644 --- a/2017/9xxx/CVE-2017-9179.json +++ b/2017/9xxx/CVE-2017-9179.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9478.json b/2017/9xxx/CVE-2017-9478.json index bec4480a9a8..38f7522fecc 100644 --- a/2017/9xxx/CVE-2017-9478.json +++ b/2017/9xxx/CVE-2017-9478.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-20.emta-reverse-dns.txt", - "refsource" : "MISC", - "url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-20.emta-reverse-dns.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Comcast firmware on Cisco DPC3939 (firmware version 
dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-20.emta-reverse-dns.txt", + "refsource": "MISC", + "url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-20.emta-reverse-dns.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9971.json b/2017/9xxx/CVE-2017-9971.json index 8fc7f038d31..478e6281f8f 100644 --- a/2017/9xxx/CVE-2017-9971.json +++ b/2017/9xxx/CVE-2017-9971.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9971", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-9971", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/0xxx/CVE-2018-0200.json b/2018/0xxx/CVE-2018-0200.json
index 1c178d088dc..9413d790cb3 100644
--- a/2018/0xxx/CVE-2018-0200.json
+++ b/2018/0xxx/CVE-2018-0200.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Service Catalog", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Service Catalog" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface of an affected product. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh65713." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Service Catalog", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Service Catalog" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-psc", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-psc" - }, - { - "name" : "103128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103128" - }, - { - "name" : "1040408", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface of an affected product. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh65713." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103128" + }, + { + "name": "1040408", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040408" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-psc", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-psc" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0419.json b/2018/0xxx/CVE-2018-0419.json index f6c388fc2aa..06212e4c873 100644 --- a/2018/0xxx/CVE-2018-0419.json +++ b/2018/0xxx/CVE-2018-0419.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-08-15T00:00:00", - "ID" : "CVE-2018-0419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Email Security Appliance (ESA)", - "version" : { - "version_data" : [ - { - "version_value" : "unspecified" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detection of content within executable (EXE) files. An attacker could exploit this vulnerability by sending a customized EXE file that is not recognized and blocked by the ESA. A successful exploit could allow an attacker to send email messages that contain malicious executable files to unsuspecting users. Cisco Bug IDs: CSCvh03786." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-08-15T00:00:00", + "ID": "CVE-2018-0419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Security Appliance (ESA)", + "version": { + "version_data": [ + { + "version_value": "unspecified" + } + ] + } + } + ] + }, + "vendor_name": "Cisco Systems, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180815 Cisco Email Security Appliance EXE File Scanning Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-esa-file-bypass" - }, - { - "name" : "105112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105112" - }, - { - "name" : "1041531", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detection of content within executable (EXE) files. An attacker could exploit this vulnerability by sending a customized EXE file that is not recognized and blocked by the ESA. A successful exploit could allow an attacker to send email messages that contain malicious executable files to unsuspecting users. Cisco Bug IDs: CSCvh03786." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105112" + }, + { + "name": "20180815 Cisco Email Security Appliance EXE File Scanning Bypass Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-esa-file-bypass" + }, + { + "name": "1041531", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041531" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/0xxx/CVE-2018-0456.json b/2018/0xxx/CVE-2018-0456.json
index 16185fe50dc..0ead8b88b1e 100644
--- a/2018/0xxx/CVE-2018-0456.json
+++ b/2018/0xxx/CVE-2018-0456.json
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-17T16:00:00-0500", - "ID" : "CVE-2018-0456", - "STATE" : "PUBLIC", - "TITLE" : "Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco NX-OS Software for Nexus 3000 Series 7.0(3)I7(3)", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact" : { - "cvss" : { - "baseScore" : "7.7", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-17T16:00:00-0500", + "ID": "CVE-2018-0456", + "STATE": "PUBLIC", + "TITLE": "Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco NX-OS Software for Nexus 3000 Series 7.0(3)I7(3)", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181017 Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nxos-snmp" - }, - { - "name" : "105668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105668" - }, - { - "name" : "1041921", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041921" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181017-nxos-snmp", - "defect" : [ - [ - "CSCvj70029" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. 
The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181017 Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nxos-snmp" + }, + { + "name": "1041921", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041921" + }, + { + "name": "105668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105668" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181017-nxos-snmp", + "defect": [ + [ + "CSCvj70029" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0577.json b/2018/0xxx/CVE-2018-0577.json index 964b8135300..9d261ed57a8 100644 --- a/2018/0xxx/CVE-2018-0577.json +++ b/2018/0xxx/CVE-2018-0577.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WP Google Map Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 4.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "Flipper Code" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WP Google Map Plugin", + "version": { + "version_data": [ + { + "version_value": "prior to version 4.0.4" + } + ] + } + } + ] + }, + "vendor_name": "Flipper Code" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers" - }, - { - "name" : "JVN#01040170", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN01040170/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via 
unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/wp-google-map-plugin/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/wp-google-map-plugin/#developers" + }, + { + "name": "JVN#01040170", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN01040170/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000531.json b/2018/1000xxx/CVE-2018-1000531.json index 1c2b62660bd..132a7b746de 100644 --- a/2018/1000xxx/CVE-2018-1000531.json +++ b/2018/1000xxx/CVE-2018-1000531.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.043401", - "DATE_REQUESTED" : "2018-05-02T17:09:44", - "ID" : "CVE-2018-1000531", - "REQUESTER" : "ricardobgoncales@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "prime-jwt", - "version" : { - "version_data" : [ - { - "version_value" : "prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba" - } - ] - } - } - ] - }, - "vendor_name" : "inversoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header using 'none' as algorithm and a body to requests it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.043401", + "DATE_REQUESTED": "2018-05-02T17:09:44", + "ID": "CVE-2018-1000531", + "REQUESTER": "ricardobgoncales@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/inversoft/prime-jwt/issues/3", - "refsource" : "MISC", - "url" : "https://github.com/inversoft/prime-jwt/issues/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header using 'none' as algorithm and a body to requests it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/inversoft/prime-jwt/issues/3", + "refsource": "MISC", + "url": "https://github.com/inversoft/prime-jwt/issues/3" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16314.json b/2018/16xxx/CVE-2018-16314.json index 31372aaf199..c314f114225 100644 --- a/2018/16xxx/CVE-2018-16314.json +++ b/2018/16xxx/CVE-2018-16314.json 
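Review bot: The new side of the CVE-2018-1000531 record replaces `"product_name": "prime-jwt"`, `"vendor_name": "inversoft"`, the version string and the `CWE-20` problemtype with `"n/a"`, and changes `ASSIGNER` from kurt@seifried.org to cve@mitre.org, so the structured fields no longer carry what the description text still states. Tooling that matches on `affects` or `problemtype` rather than on the free-text description would presumably stop associating this record with prime-jwt or with CWE-20. If this sync is meant to be formatting-only like the neighbouring hunks, the previous values should be kept, e.g. `"product_name": "prime-jwt"`, `"vendor_name": "inversoft"` and `"value": "CWE-20"`. If the reset is intentional, the commit subject ("-Synchronized-Data.") gives no indication of it and the reason should be recorded.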
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/idreamsoft/iCMS/issues/35", - "refsource" : "MISC", - "url" : "https://github.com/idreamsoft/iCMS/issues/35" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/idreamsoft/iCMS/issues/35", + "refsource": "MISC", + "url": "https://github.com/idreamsoft/iCMS/issues/35" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19067.json b/2018/19xxx/CVE-2018-19067.json index 4b70a330d1e..3b3171329e0 100644 --- a/2018/19xxx/CVE-2018-19067.json +++ b/2018/19xxx/CVE-2018-19067.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", - "refsource" : "MISC", - "url" : "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", + "refsource": "MISC", + "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19141.json b/2018/19xxx/CVE-2018-19141.json index e42353f7968..2b6eacdcdf5 100644 --- a/2018/19xxx/CVE-2018-19141.json +++ b/2018/19xxx/CVE-2018-19141.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html" - }, - { - "name" : "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/", - "refsource" : "MISC", - "url" : "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL 
because user and customer preferences are mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html" + }, + { + "name": "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/", + "refsource": "MISC", + "url": "https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19309.json b/2018/19xxx/CVE-2018-19309.json index 7bc9b5c4359..e75b0a1a350 100644 --- a/2018/19xxx/CVE-2018-19309.json +++ b/2018/19xxx/CVE-2018-19309.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19309", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19309", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/19xxx/CVE-2018-19681.json b/2018/19xxx/CVE-2018-19681.json index 60464d8def8..71fb688b157 100644 --- a/2018/19xxx/CVE-2018-19681.json +++ b/2018/19xxx/CVE-2018-19681.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19681", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19681", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1024.json b/2018/1xxx/CVE-2018-1024.json index 7f44ec7e8d5..92748205dea 100644 --- a/2018/1xxx/CVE-2018-1024.json +++ b/2018/1xxx/CVE-2018-1024.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1024", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1024", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1642.json b/2018/1xxx/CVE-2018-1642.json index 5cb53f572bc..aebe7986915 100644 --- a/2018/1xxx/CVE-2018-1642.json +++ b/2018/1xxx/CVE-2018-1642.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1642", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1642", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4084.json b/2018/4xxx/CVE-2018-4084.json index 3c8b5f6e442..894fa1bef1b 100644 --- a/2018/4xxx/CVE-2018-4084.json +++ b/2018/4xxx/CVE-2018-4084.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2018-4084",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the \"Wi-Fi\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2018-4084",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT208465",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208465"
- },
- {
- "name" : "102785",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102785"
- },
- {
- "name" : "1040267",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040267"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the \"Wi-Fi\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.apple.com/HT208465",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208465"
+ },
+ {
+ "name": "102785",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102785"
+ },
+ {
+ "name": "1040267",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040267"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4347.json b/2018/4xxx/CVE-2018-4347.json
index 95b4af290f4..3e0ad3aa579 100644
--- a/2018/4xxx/CVE-2018-4347.json
+++ b/2018/4xxx/CVE-2018-4347.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4347",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4347",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4385.json b/2018/4xxx/CVE-2018-4385.json
index 89b4826d883..99ad3504eff 100644
--- a/2018/4xxx/CVE-2018-4385.json
+++ b/2018/4xxx/CVE-2018-4385.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4385",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4385",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4854.json b/2018/4xxx/CVE-2018-4854.json
index f2d60253088..568d474860b 100644
--- a/2018/4xxx/CVE-2018-4854.json
+++ b/2018/4xxx/CVE-2018-4854.json
@@ -1,71 +1,71 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "productcert@siemens.com",
- "DATE_PUBLIC" : "2018-07-03T00:00:00",
- "ID" : "CVE-2018-4854",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "SICLOCK TC100, SICLOCK TC400",
- "version" : {
- "version_data" : [
- {
- "version_value" : "SICLOCK TC100 : All versions"
- },
- {
- "version_value" : "SICLOCK TC400 : All versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Siemens AG"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-306: Missing Authentication for Critical Function"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "DATE_PUBLIC": "2018-07-03T00:00:00",
+ "ID": "CVE-2018-4854",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SICLOCK TC100, SICLOCK TC400",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "SICLOCK TC100 : All versions"
+ },
+ {
+ "version_value": "SICLOCK TC400 : All versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Siemens AG"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
- "refsource" : "CONFIRM",
- "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
- },
- {
- "name" : "104672",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104672"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "104672",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104672"
+ },
+ {
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file