diff --git a/2004/1xxx/CVE-2004-1819.json b/2004/1xxx/CVE-2004-1819.json index 5b22fb975e7..d83ef4fadba 100644 --- a/2004/1xxx/CVE-2004-1819.json +++ b/2004/1xxx/CVE-2004-1819.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040315 [waraxe-2004-SA#006 - Multiple vulnerabilities in 4nalbum module for PhpNuke]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107937780222514&w=2" - }, - { - "name" : "9881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9881" - }, - { - "name" : "4291", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4291" - }, - { - "name" : "11134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11134" - }, - { - "name" : "4nalbum-error path-disclosure(15493)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11134" + }, + { + "name": "9881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9881" + }, + { + "name": "4291", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4291" + }, + { + "name": "20040315 [waraxe-2004-SA#006 - Multiple vulnerabilities in 4nalbum module for PhpNuke]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107937780222514&w=2" + }, + { + "name": "4nalbum-error path-disclosure(15493)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15493" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0124.json b/2008/0xxx/CVE-2008-0124.json index bdbeec1782f..93670877990 100644 --- a/2008/0xxx/CVE-2008-0124.json +++ b/2008/0xxx/CVE-2008-0124.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the \"Real name\" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://int21.de/cve/CVE-2008-0124-s9y.html", - "refsource" : "MISC", - "url" : "http://int21.de/cve/CVE-2008-0124-s9y.html" - }, - { - "name" : "http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html", - "refsource" : "CONFIRM", - "url" : "http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html" - }, - { - "name" : "DSA-1528", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1528" - }, - { - "name" : "28003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28003" - }, - { - "name" : "ADV-2008-0700", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0700/references" - }, - { - "name" : "1019502", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019502" - }, - { - "name" : "29128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29128" - }, - { - "name" : "29502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29502" - }, - { - "name" : "serendipity-realname-username-xss(40851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the \"Real name\" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0700", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0700/references" + }, + { + "name": "28003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28003" + }, + { + "name": "29128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29128" + }, + { + "name": "1019502", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019502" + }, + { + "name": "DSA-1528", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1528" + }, + { + "name": "http://int21.de/cve/CVE-2008-0124-s9y.html", + "refsource": "MISC", + "url": "http://int21.de/cve/CVE-2008-0124-s9y.html" + }, + { + "name": "29502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29502" + }, + { + "name": "serendipity-realname-username-xss(40851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40851" + }, + { + "name": "http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html", + "refsource": "CONFIRM", + "url": "http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0287.json b/2008/0xxx/CVE-2008-0287.json index 10ec6494272..2054e91bed8 100644 --- a/2008/0xxx/CVE-2008-0287.json +++ b/2008/0xxx/CVE-2008-0287.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4889", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4889" - }, - { - "name" : "27231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27231" - }, - { - "name" : "28424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28424" - }, - { - "name" : "vcart-checkout-index-file-include(39616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27231" + }, + { + "name": "4889", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4889" + }, + { + "name": "28424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28424" + }, + { + "name": "vcart-checkout-index-file-include(39616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39616" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0664.json b/2008/0xxx/CVE-2008-0664.json index ca8244a0916..ce6a166c33d 100644 --- a/2008/0xxx/CVE-2008-0664.json +++ b/2008/0xxx/CVE-2008-0664.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/", - "refsource" : "MISC", - "url" : "http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/" - }, - { - "name" : "http://wordpress.org/development/2008/02/wordpress-233/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/development/2008/02/wordpress-233/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=431547", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=431547" - }, - { - "name" : "DSA-1601", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1601" - }, - { - "name" : "FEDORA-2008-1512", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00349.html" - }, - { - "name" : "FEDORA-2008-1559", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00416.html" - }, - { - "name" : "27669", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27669" - }, - { - "name" : "ADV-2008-0448", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0448" - }, - { - "name" : "1019316", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019316" - }, - { - "name" : "28823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28823" - }, - { - "name" : "28920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28920" - }, - { - "name" : "30960", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019316", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019316" + }, + { + "name": "http://wordpress.org/development/2008/02/wordpress-233/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/development/2008/02/wordpress-233/" + }, + { + "name": "28823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28823" + }, + { + "name": "28920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28920" + }, + { + "name": "ADV-2008-0448", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0448" + }, + { + "name": "FEDORA-2008-1559", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00416.html" + }, + { + "name": "FEDORA-2008-1512", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00349.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=431547", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431547" + }, + { + "name": "30960", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30960" + }, + { + "name": "DSA-1601", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1601" + }, + { + "name": "http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/", + "refsource": "MISC", + "url": "http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/" + }, + { + "name": "27669", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27669" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0725.json b/2008/0xxx/CVE-2008-0725.json index 4ed95be4f32..91c30c81e2f 100644 --- a/2008/0xxx/CVE-2008-0725.json +++ b/2008/0xxx/CVE-2008-0725.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28760" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0793.json b/2008/0xxx/CVE-2008-0793.json index 9943f4ae217..868ec31e726 100644 --- a/2008/0xxx/CVE-2008-0793.json +++ b/2008/0xxx/CVE-2008-0793.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third party information. NOTE: it is not clear whether this affects Tendenci Enterprise Edition in addition to the product's deployment on Tendenci's own server farm. If only the latter was affected, then this issue should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.blogspot.com/2008/02/fastest-fix-in-west-vendors-excellent.html", - "refsource" : "MISC", - "url" : "http://holisticinfosec.blogspot.com/2008/02/fastest-fix-in-west-vendors-excellent.html" - }, - { - "name" : "http://blog.tendenci.com/2008/02/cross-site-scri.html", - "refsource" : "CONFIRM", - "url" : "http://blog.tendenci.com/2008/02/cross-site-scri.html" - }, - { - "name" : "27782", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27782" - }, - { - "name" : "28882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28882" - }, - { - "name" : "tendencicms-search-xss(40477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third party information. NOTE: it is not clear whether this affects Tendenci Enterprise Edition in addition to the product's deployment on Tendenci's own server farm. If only the latter was affected, then this issue should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28882" + }, + { + "name": "http://holisticinfosec.blogspot.com/2008/02/fastest-fix-in-west-vendors-excellent.html", + "refsource": "MISC", + "url": "http://holisticinfosec.blogspot.com/2008/02/fastest-fix-in-west-vendors-excellent.html" + }, + { + "name": "http://blog.tendenci.com/2008/02/cross-site-scri.html", + "refsource": "CONFIRM", + "url": "http://blog.tendenci.com/2008/02/cross-site-scri.html" + }, + { + "name": "27782", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27782" + }, + { + "name": "tendencicms-search-xss(40477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40477" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3083.json b/2008/3xxx/CVE-2008-3083.json index 81ae8e6dce0..3e56a946c3c 100644 --- a/2008/3xxx/CVE-2008-3083.json +++ b/2008/3xxx/CVE-2008-3083.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5993", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5993" - }, - { - "name" : "30060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30060" - }, - { - "name" : "30922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30922" - }, - { - "name" : "weblinks-index-sql-injection(43535)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30060" + }, + { + "name": "30922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30922" + }, + { + "name": "5993", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5993" + }, + { + "name": "weblinks-index-sql-injection(43535)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43535" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3280.json b/2008/3xxx/CVE-2008-3280.json index 3a5db0df32f..eef0331d13e 100644 --- a/2008/3xxx/CVE-2008-3280.json +++ b/2008/3xxx/CVE-2008-3280.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3280", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3280", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3441.json b/2008/3xxx/CVE-2008-3441.json index 966c6ea3ec9..31fe10031cc 100644 --- a/2008/3xxx/CVE-2008-3441.json +++ b/2008/3xxx/CVE-2008-3441.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html" - }, - { - "name" : "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf", - "refsource" : "MISC", - "url" : "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf" - }, - { - "name" : "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz", - "refsource" : "MISC", - "url" : "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz" - }, - { - "name" : "oval:org.mitre.oval:def:15225", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15225" - }, - { - "name" : "1020582", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15225", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15225" + }, + { + "name": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf", + "refsource": "MISC", + "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf" + }, + { + "name": "1020582", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020582" + }, + { + "name": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz", + "refsource": "MISC", + "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz" + }, + { + "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3521.json b/2008/3xxx/CVE-2008-3521.json index 29160b70cdf..5ad0e949c74 100644 --- a/2008/3xxx/CVE-2008-3521.json +++ b/2008/3xxx/CVE-2008-3521.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-3521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=222819", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=222819" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3521", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3521" - }, - { - "name" : "MDVSA-2009:142", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:142" - }, - { - "name" : "MDVSA-2009:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:164" - }, - { - "name" : "USN-742-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-742-1" - }, - { - "name" : "31470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31470" - }, - { - "name" : "34391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34391" - }, - { - "name" : "jasper-jasstreamtmpfile-symlink(45622)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31470" + }, + { + "name": "MDVSA-2009:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:164" + }, + { + "name": "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3521", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3521" + }, + { + "name": "34391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34391" + }, + { + "name": "MDVSA-2009:142", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:142" + }, + { + "name": "USN-742-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-742-1" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=222819", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=222819" + }, + { + "name": "jasper-jasstreamtmpfile-symlink(45622)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45622" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4084.json b/2008/4xxx/CVE-2008-4084.json index 10ba21f9dfc..7428b77c25d 100644 --- a/2008/4xxx/CVE-2008-4084.json +++ b/2008/4xxx/CVE-2008-4084.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6342", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6342" - }, - { - "name" : "30943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30943" - }, - { - "name" : "31682", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31682" - }, - { - "name" : "4254", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4254" - }, - { - "name" : "easyclassifields-index-sql-injection(44799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6342", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6342" + }, + { + "name": "easyclassifields-index-sql-injection(44799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44799" + }, + { + "name": "31682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31682" + }, + { + "name": "30943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30943" + }, + { + "name": "4254", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4254" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4226.json b/2008/4xxx/CVE-2008-4226.json index 3a54a40e118..1cef6c57c2d 100644 --- a/2008/4xxx/CVE-2008-4226.json +++ b/2008/4xxx/CVE-2008-4226.json @@ -1,332 +1,332 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0325", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0325" - }, - { - "name" : "https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10", - "refsource" : "CONFIRM", - "url" : "https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10" - }, - { - "name" : "https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9", - "refsource" : "CONFIRM", - "url" : "https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=470466", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=470466" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0001.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0001.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm" - }, - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "DSA-1666", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1666" - }, - { - "name" : "FEDORA-2008-9729", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.html" - }, - { - "name" : "FEDORA-2008-9773", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.html" - }, - { - "name" : "GLSA-200812-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-06.xml" - }, - { - "name" : "HPSBMA02492", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" - }, - { - "name" : "SSRT100079", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" - }, - { - "name" : "MDVSA-2008:231", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:231" - }, - { - "name" : "RHSA-2008:0988", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0988.html" - }, - { - "name" : "SSA:2008-324-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473974" - }, - { - "name" : "251406", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-251406-1" - }, - { - "name" : "261688", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1" - }, - { - "name" : "265329", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1" - }, - { - "name" : "SUSE-SR:2008:026", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" - }, - { - "name" : "USN-673-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-673-1" - }, - { - "name" : "32326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32326" - }, - { - "name" : "oval:org.mitre.oval:def:6219", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6219" - }, - { - "name" : "oval:org.mitre.oval:def:6360", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6360" - }, - { - "name" : "oval:org.mitre.oval:def:9888", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9888" - }, - { - "name" : "33746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33746" - }, - { - "name" : "34247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34247" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "36173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36173" - }, - { - "name" : "36235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36235" - }, - { - "name" : "ADV-2008-3176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3176" - }, - { - "name" : "ADV-2009-0301", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0301" - }, - { - "name" : "ADV-2009-0034", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0034" - }, - { - "name" : "ADV-2009-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0323" - }, - { - "name" : "49993", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/49993" - }, - { - "name" : "1021238", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021238" - }, - { - "name" : "32762", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32762" - }, - { - "name" : "32764", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32764" - }, - { - "name" : "32766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32766" - }, - { - "name" : "32773", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32773" - }, - { - "name" : "32802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32802" - }, - { - "name" : "32807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32807" - }, - { - "name" : "32811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32811" - }, - { - "name" : "32872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32872" - }, - { - "name" : "33417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33417" - }, - { - "name" : "32974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32974" - }, - { - "name" : "33792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33792" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32766" + }, + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1" + }, + { + "name": "32326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32326" + }, + { + "name": "32773", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32773" + }, + { + "name": "oval:org.mitre.oval:def:6360", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6360" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=470466", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470466" + }, + { + "name": "oval:org.mitre.oval:def:6219", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6219" + }, + { + "name": "FEDORA-2008-9773", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.html" + }, + { + "name": "32807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32807" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "FEDORA-2008-9729", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.html" + }, + { + "name": "49993", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/49993" + }, + { + "name": "32764", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32764" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0001.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0001.html" + }, + { + "name": "USN-673-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-673-1" + }, + { + "name": "ADV-2009-0301", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0301" + }, + { + "name": "oval:org.mitre.oval:def:9888", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9888" + }, + { + "name": "33746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33746" + }, + { + "name": "https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9", + "refsource": "CONFIRM", + "url": "https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9" + }, + { + "name": "ADV-2009-0034", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0034" + }, + { + "name": "34247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34247" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm" + }, + { + "name": "36173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36173" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "HPSBMA02492", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" + }, + { + "name": "251406", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-251406-1" + }, + { + "name": "GLSA-200812-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-06.xml" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "32872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32872" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm" + }, + { + "name": "SSA:2008-324-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473974" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0325", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0325" + }, + { + "name": "DSA-1666", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1666" + }, + { + "name": "32802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32802" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "32974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32974" + }, + { + "name": "33792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33792" + }, + { + "name": "36235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36235" + }, + { + "name": "32762", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32762" + }, + { + "name": "265329", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1" + }, + { + "name": "RHSA-2008:0988", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0988.html" + }, + { + "name": "33417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33417" + }, + { + "name": "https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10", + "refsource": "CONFIRM", + "url": "https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10" + }, + { + "name": "261688", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1" + }, + { + "name": "MDVSA-2008:231", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:231" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + }, + { + "name": "ADV-2009-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0323" + }, + { + "name": "SUSE-SR:2008:026", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" + }, + { + "name": "32811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32811" + }, + { + "name": "SSRT100079", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" + }, + { + "name": "ADV-2008-3176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3176" + }, + { + "name": "1021238", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021238" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4234.json b/2008/4xxx/CVE-2008-4234.json index b14d21dc2c0..939ca449406 100644 --- a/2008/4xxx/CVE-2008-4234.json +++ b/2008/4xxx/CVE-2008-4234.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a \"potentially unsafe\" warning message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3338", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3338" - }, - { - "name" : "APPLE-SA-2008-12-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" - }, - { - "name" : "TA08-350A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" - }, - { - "name" : "32839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32839" - }, - { - "name" : "ADV-2008-3444", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3444" - }, - { - "name" : "1021400", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021400" - }, - { - "name" : "33179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33179" - }, - { - "name" : "macosx-quarantine-code-execution(47689)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a \"potentially unsafe\" warning message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3444", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3444" + }, + { + "name": "TA08-350A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" + }, + { + "name": "33179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33179" + }, + { + "name": "32839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32839" + }, + { + "name": "macosx-quarantine-code-execution(47689)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47689" + }, + { + "name": "http://support.apple.com/kb/HT3338", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3338" + }, + { + "name": "APPLE-SA-2008-12-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" + }, + { + "name": "1021400", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021400" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4429.json b/2008/4xxx/CVE-2008-4429.json index a315a225f87..cc6105dc169 100644 --- a/2008/4xxx/CVE-2008-4429.json +++ b/2008/4xxx/CVE-2008-4429.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#66077895", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN66077895/" - }, - { - "name" : "http://sec.sourcenext.info/support/bulletin.html", - "refsource" : "CONFIRM", - "url" : "http://sec.sourcenext.info/support/bulletin.html" - }, - { - "name" : "30650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30650" - }, - { - "name" : "ADV-2008-2335", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2335" - }, - { - "name" : "31452", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31452" - }, - { - "name" : "sourcenext-virussecurity-files-dos(44397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30650" + }, + { + "name": "sourcenext-virussecurity-files-dos(44397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44397" + }, + { + "name": "http://sec.sourcenext.info/support/bulletin.html", + "refsource": "CONFIRM", + "url": "http://sec.sourcenext.info/support/bulletin.html" + }, + { + "name": "ADV-2008-2335", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2335" + }, + { + "name": "31452", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31452" + }, + { + "name": "JVN#66077895", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN66077895/" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4470.json b/2008/4xxx/CVE-2008-4470.json index 27b08f9d244..213e5bd2ce6 100644 --- a/2008/4xxx/CVE-2008-4470.json +++ b/2008/4xxx/CVE-2008-4470.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6389", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6389" - }, - { - "name" : "31042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31042" - }, - { - "name" : "ADV-2008-2516", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2516" - }, - { - "name" : "4354", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4354" - }, - { - "name" : "numark-cue-m3u-bo(44958)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4354", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4354" + }, + { + "name": "6389", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6389" + }, + { + "name": "ADV-2008-2516", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2516" + }, + { + "name": "numark-cue-m3u-bo(44958)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44958" + }, + { + "name": "31042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31042" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4570.json b/2008/4xxx/CVE-2008-4570.json index 115c9229b7c..cee8f59efc1 100644 --- a/2008/4xxx/CVE-2008-4570.json +++ b/2008/4xxx/CVE-2008-4570.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6736", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6736" - }, - { - "name" : "31723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31723" - }, - { - "name" : "32223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32223" - }, - { - "name" : "4418", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4418" - }, - { - "name" : "realestates-index-sql-injection(45819)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32223" + }, + { + "name": "31723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31723" + }, + { + "name": "4418", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4418" + }, + { + "name": "6736", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6736" + }, + { + "name": "realestates-index-sql-injection(45819)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45819" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7018.json b/2008/7xxx/CVE-2008-7018.json index 96f88dddc1f..3450bab9c03 100644 --- a/2008/7xxx/CVE-2008-7018.json +++ b/2008/7xxx/CVE-2008-7018.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080928 PHP Calendar Script Remote XSS (Permanent) Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496796" - }, - { - "name" : "31478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31478" - }, - { - "name" : "easyphpcalendar-addnewevent-xss(45517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080928 PHP Calendar Script Remote XSS (Permanent) Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496796" + }, + { + "name": "31478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31478" + }, + { + "name": "easyphpcalendar-addnewevent-xss(45517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45517" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7071.json b/2008/7xxx/CVE-2008-7071.json index 7a4dfb5e1fe..4e5d38753e1 100644 --- a/2008/7xxx/CVE-2008-7071.json +++ b/2008/7xxx/CVE-2008-7071.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7227", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7227" - }, - { - "name" : "32469", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32469" - }, - { - "name" : "chipmunk-topsites-authenticate-sql-injection(46836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chipmunk-topsites-authenticate-sql-injection(46836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46836" + }, + { + "name": "7227", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7227" + }, + { + "name": "32469", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32469" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2028.json b/2013/2xxx/CVE-2013-2028.json index f5cecd60435..5ff1542bf8b 100644 --- a/2013/2xxx/CVE-2013-2028.json +++ b/2013/2xxx/CVE-2013-2028.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nginx-announce] 20130507 nginx security advisory (CVE-2013-2028)", - "refsource" : "MLIST", - "url" : "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" - }, - { - "name" : "http://nginx.org/download/patch.2013.chunked.txt", - "refsource" : "MISC", - "url" : "http://nginx.org/download/patch.2013.chunked.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html" - }, - { - "name" : "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/", - "refsource" : "MISC", - "url" : "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/" - }, - { - "name" : "https://github.com/rapid7/metasploit-framework/pull/1834", - "refsource" : "MISC", - "url" : "https://github.com/rapid7/metasploit-framework/pull/1834" - }, - { - "name" : "FEDORA-2013-7560", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html" - }, - { - "name" : "GLSA-201310-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201310-04.xml" - }, - { - "name" : "59699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59699" - }, - { - "name" : "93037", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/93037" - }, - { - "name" : "55181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[nginx-announce] 20130507 nginx security advisory (CVE-2013-2028)", + "refsource": "MLIST", + "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" + }, + { + "name": "93037", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/93037" + }, + { + "name": "FEDORA-2013-7560", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html" + }, + { + "name": "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/", + "refsource": "MISC", + "url": "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/" + }, + { + "name": "55181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55181" + }, + { + "name": "59699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59699" + }, + { + "name": "GLSA-201310-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" + }, + { + "name": "https://github.com/rapid7/metasploit-framework/pull/1834", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/pull/1834" + }, + { + "name": "http://nginx.org/download/patch.2013.chunked.txt", + "refsource": "MISC", + "url": "http://nginx.org/download/patch.2013.chunked.txt" + }, + { + "name": "http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2123.json b/2013/2xxx/CVE-2013-2123.json index 3490d6e373c..5b9c9d12a6c 100644 --- a/2013/2xxx/CVE-2013-2123.json +++ b/2013/2xxx/CVE-2013-2123.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130529 Re: CVE request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/29/9" - }, - { - "name" : "https://drupal.org/node/2007122", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2007122" - }, - { - "name" : "https://drupal.org/node/2007072", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2007072" - }, - { - "name" : "https://drupal.org/node/2007078", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2007078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130529 Re: CVE request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/29/9" + }, + { + "name": "https://drupal.org/node/2007122", + "refsource": "MISC", + "url": "https://drupal.org/node/2007122" + }, + { + "name": "https://drupal.org/node/2007072", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2007072" + }, + { + "name": "https://drupal.org/node/2007078", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2007078" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2176.json b/2013/2xxx/CVE-2013-2176.json index bb3d0bcd960..b077955cb2c 100644 --- a/2013/2xxx/CVE-2013-2176.json +++ b/2013/2xxx/CVE-2013-2176.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2013:1122", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1122.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1122", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1122.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2261.json b/2013/2xxx/CVE-2013-2261.json index 00ce5e7d974..4b5b113ff9f 100644 --- a/2013/2xxx/CVE-2013-2261.json +++ b/2013/2xxx/CVE-2013-2261.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2261", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2261", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2367.json b/2013/2xxx/CVE-2013-2367.json index 97f52d11006..5bf733d787a 100644 --- a/2013/2xxx/CVE-2013-2367.json +++ b/2013/2xxx/CVE-2013-2367.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02904", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03861260" - }, - { - "name" : "SSRT101073", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03861260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBGN02904", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03861260" + }, + { + "name": "SSRT101073", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03861260" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2903.json b/2013/2xxx/CVE-2013-2903.json index ad723f574c5..ceda12f57ba 100644 --- a/2013/2xxx/CVE-2013-2903.json +++ b/2013/2xxx/CVE-2013-2903.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a (1) AUDIO or (2) VIDEO element between documents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://crbug.com/260156", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/260156" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=154696&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=154696&view=revision" - }, - { - "name" : "DSA-2741", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2741" - }, - { - "name" : "oval:org.mitre.oval:def:17571", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a (1) AUDIO or (2) VIDEO element between documents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://src.chromium.org/viewvc/blink?revision=154696&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=154696&view=revision" + }, + { + "name": "http://crbug.com/260156", + "refsource": "CONFIRM", + "url": "http://crbug.com/260156" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:17571", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17571" + }, + { + "name": "DSA-2741", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2741" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3982.json b/2013/3xxx/CVE-2013-3982.json index 6d197d0dfc4..47cb309eeab 100644 --- a/2013/3xxx/CVE-2013-3982.json +++ b/2013/3xxx/CVE-2013-3982.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671201" - }, - { - "name" : "sametime-cve20133982-info-disc(84908)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sametime-cve20133982-info-disc(84908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84908" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6252.json b/2013/6xxx/CVE-2013-6252.json index 7b3a9659c70..0171a3bae88 100644 --- a/2013/6xxx/CVE-2013-6252.json +++ b/2013/6xxx/CVE-2013-6252.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6252", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6252", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6341.json b/2013/6xxx/CVE-2013-6341.json index 88526edfad6..7f8ccc170b4 100644 --- a/2013/6xxx/CVE-2013-6341.json +++ b/2013/6xxx/CVE-2013-6341.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131127 SQL Injection in Dokeos", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0140.html" - }, - { - "name" : "30013", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30013" - }, - { - "name" : "http://packetstormsecurity.com/files/124201", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124201" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23181", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23181" - }, - { - "name" : "dokeos-cve20136341-sql-injection(89265)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131127 SQL Injection in Dokeos", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0140.html" + }, + { + "name": "30013", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30013" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23181", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23181" + }, + { + "name": "http://packetstormsecurity.com/files/124201", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124201" + }, + { + "name": "dokeos-cve20136341-sql-injection(89265)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89265" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6580.json b/2013/6xxx/CVE-2013-6580.json index 533f0e09dfe..a3e4c0efa4e 100644 --- a/2013/6xxx/CVE-2013-6580.json +++ b/2013/6xxx/CVE-2013-6580.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6580", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6580", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7052.json b/2013/7xxx/CVE-2013-7052.json index 50b14bdf256..28aa9eda0d0 100644 --- a/2013/7xxx/CVE-2013-7052.json +++ b/2013/7xxx/CVE-2013-7052.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7132.json b/2013/7xxx/CVE-2013-7132.json index 5c672305e78..96f9c5f4db9 100644 --- a/2013/7xxx/CVE-2013-7132.json +++ b/2013/7xxx/CVE-2013-7132.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7132", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7132", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10344.json b/2017/10xxx/CVE-2017-10344.json index e0ffdc1cc30..1a7849f4b15 100644 --- a/2017/10xxx/CVE-2017-10344.json +++ b/2017/10xxx/CVE-2017-10344.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Simphony", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.8" - }, - { - "version_affected" : "=", - "version_value" : "2.9" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Simphony", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.8" + }, + { + "version_affected": "=", + "version_value": "2.9" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101414" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10660.json b/2017/10xxx/CVE-2017-10660.json index 08808462e0f..c8dbcf3f9ae 100644 --- a/2017/10xxx/CVE-2017-10660.json +++ b/2017/10xxx/CVE-2017-10660.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10660", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10660", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14077.json b/2017/14xxx/CVE-2017-14077.json index 9c7c4da9b51..d1854a7d9c3 100644 --- a/2017/14xxx/CVE-2017-14077.json +++ b/2017/14xxx/CVE-2017-14077.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.checkmarx.com/advisories/html-injection-securimage/", - "refsource" : "MISC", - "url" : "https://www.checkmarx.com/advisories/html-injection-securimage/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.checkmarx.com/advisories/html-injection-securimage/", + "refsource": "MISC", + "url": "https://www.checkmarx.com/advisories/html-injection-securimage/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14080.json b/2017/14xxx/CVE-2017-14080.json index c27565da21e..9653bc38604 100644 --- a/2017/14xxx/CVE-2017-14080.json +++ b/2017/14xxx/CVE-2017-14080.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "DATE_PUBLIC" : "2017-09-15T00:00:00", - "ID" : "CVE-2017-14080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mobile Security (Enterprise)", - "version" : { - "version_data" : [ - { - "version_value" : "< 9.7 Patch 3" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "DATE_PUBLIC": "2017-09-15T00:00:00", + "ID": "CVE-2017-14080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mobile Security (Enterprise)", + "version": { + "version_data": [ + { + "version_value": "< 9.7 Patch 3" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-767", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-767" - }, - { - "name" : "https://success.trendmicro.com/solution/1118224", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1118224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-767", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-767" + }, + { + "name": "https://success.trendmicro.com/solution/1118224", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1118224" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14282.json b/2017/14xxx/CVE-2017-14282.json index 2aa91236575..ab629b31daa 100644 --- a/2017/14xxx/CVE-2017-14282.json +++ b/2017/14xxx/CVE-2017-14282.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005862.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005862.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14927.json b/2017/14xxx/CVE-2017-14927.json index fea162e29a2..c9032c62203 100644 --- a/2017/14xxx/CVE-2017-14927.json +++ b/2017/14xxx/CVE-2017-14927.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=102604", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=102604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=102604", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=102604" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15518.json b/2017/15xxx/CVE-2017-15518.json index 1bd0a632715..b8e31fc4bad 100644 --- a/2017/15xxx/CVE-2017-15518.json +++ b/2017/15xxx/CVE-2017-15518.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@netapp.com", - "DATE_PUBLIC" : "2018-02-23T00:00:00", - "ID" : "CVE-2017-15518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OnCommand API Services and NetApp Service Level Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Versions prior to 2.1 and 1.0RC4" - } - ] - } - } - ] - }, - "vendor_name" : "NetApp " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE 311" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@netapp.com", + "DATE_PUBLIC": "2018-02-23T00:00:00", + "ID": "CVE-2017-15518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OnCommand API Services and NetApp Service Level Manager", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 2.1 and 1.0RC4" + } + ] + } + } + ] + }, + "vendor_name": "NetApp " + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.netapp.com/advisory/NTAP-20180223-0001/", - "refsource" : "MISC", - "url" : "https://security.netapp.com/advisory/NTAP-20180223-0001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 311" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/NTAP-20180223-0001/", + "refsource": "MISC", + "url": "https://security.netapp.com/advisory/NTAP-20180223-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15606.json b/2017/15xxx/CVE-2017-15606.json index 20ef2e2402b..db0bdbae5cb 100644 --- a/2017/15xxx/CVE-2017-15606.json +++ b/2017/15xxx/CVE-2017-15606.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15606", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15606", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17605.json b/2017/17xxx/CVE-2017-17605.json index 38ad5e0ef00..f3352490b15 100644 --- a/2017/17xxx/CVE-2017-17605.json +++ b/2017/17xxx/CVE-2017-17605.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43274", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43274/" - }, - { - "name" : "https://packetstormsecurity.com/files/145310/Consumer-Complaints-Clone-Script-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145310/Consumer-Complaints-Clone-Script-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145310/Consumer-Complaints-Clone-Script-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145310/Consumer-Complaints-Clone-Script-1.0-SQL-Injection.html" + }, + { + "name": "43274", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43274/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17750.json b/2017/17xxx/CVE-2017-17750.json index 407a1a4080e..a8ed0dd53be 100644 --- a/2017/17xxx/CVE-2017-17750.json +++ b/2017/17xxx/CVE-2017-17750.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aryanitin.com/2017-12-20-CVE-2017-17750/", - "refsource" : "MISC", - "url" : "http://aryanitin.com/2017-12-20-CVE-2017-17750/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aryanitin.com/2017-12-20-CVE-2017-17750/", + "refsource": "MISC", + "url": "http://aryanitin.com/2017-12-20-CVE-2017-17750/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17921.json b/2017/17xxx/CVE-2017-17921.json index 7de9b63fc28..e6726ac8013 100644 --- a/2017/17xxx/CVE-2017-17921.json +++ b/2017/17xxx/CVE-2017-17921.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17921", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17921", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9285.json b/2017/9xxx/CVE-2017-9285.json index 3350860e535..3bc3db9ad2d 100644 --- a/2017/9xxx/CVE-2017-9285.json +++ b/2017/9xxx/CVE-2017-9285.json @@ -1,105 +1,105 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00.000Z", - "ID" : "CVE-2017-9285", - "STATE" : "PUBLIC", - "TITLE" : "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-10-02T00:00:00.000Z", + "ID": "CVE-2017-9285", + "STATE": "PUBLIC", + "TITLE": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "eDirectory", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "9.0 SP4" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "eDirectory", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "9.0 SP4" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" + "lang": "eng", + "value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Lack of access checks" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1029077", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1029077" - }, - { - "name" : "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html", - "refsource" : "CONFIRM", - "url" : "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html" - }, - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7016794", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7016794" - } - ] - }, - "source" : { - "defect" : [ - "1029077" - ], - "discovery" : "INTERNAL" - } -} + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Lack of access checks" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7016794", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7016794" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1029077", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077" + }, + { + "name": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html" + } + ] + }, + "source": { + "defect": [ + "1029077" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9561.json b/2017/9xxx/CVE-2017-9561.json index c0e41cfb566..e1bb56e455a 100644 --- a/2017/9xxx/CVE-2017-9561.json +++ b/2017/9xxx/CVE-2017-9561.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9827.json b/2017/9xxx/CVE-2017-9827.json index c355fa4c5c1..dbf405262b7 100644 --- a/2017/9xxx/CVE-2017-9827.json +++ b/2017/9xxx/CVE-2017-9827.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9827", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9827", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0262.json b/2018/0xxx/CVE-2018-0262.json index 1ba84acbc87..1036f26c65f 100644 --- a/2018/0xxx/CVE-2018-0262.json +++ b/2018/0xxx/CVE-2018-0262.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Meeting Server", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Meeting Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-16" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Meeting Server", + "version": { + "version_data": [ + { + "version_value": "Cisco Meeting Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx" - }, - { - "name" : "104079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104079" - }, - { - "name" : "1040819", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-16" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040819", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040819" + }, + { + "name": "104079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104079" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0404.json b/2018/0xxx/CVE-2018-0404.json index a53d23b4633..70cf3e5087b 100644 --- a/2018/0xxx/CVE-2018-0404.json +++ b/2018/0xxx/CVE-2018-0404.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-0404", - "STATE" : "PUBLIC", - "TITLE" : "Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco RV180W Wireless-N Multifunction VPN Router", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes." - } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "7.5", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-89" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-0404", + "STATE": "PUBLIC", + "TITLE": "Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco RV180W Wireless-N Multifunction VPN Router", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179", - "refsource" : "CONFIRM", - "url" : "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179" - } - ] - }, - "source" : { - "advisory" : "CSCvk27179", - "defect" : [ - [ - "CSCvk27179" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179", + "refsource": "CONFIRM", + "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179" + } + ] + }, + "source": { + "advisory": "CSCvk27179", + "defect": [ + [ + "CSCvk27179" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0778.json b/2018/0xxx/CVE-2018-0778.json index 44028b1caad..1fd9ed81534 100644 --- a/2018/0xxx/CVE-2018-0778.json +++ b/2018/0xxx/CVE-2018-0778.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-01-03T00:00:00", - "ID" : "CVE-2018-0778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-01-03T00:00:00", + "ID": "CVE-2018-0778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0778", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0778" - }, - { - "name" : "102403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102403" - }, - { - "name" : "1040100", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040100", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040100" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0778", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0778" + }, + { + "name": "102403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102403" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0881.json b/2018/0xxx/CVE-2018-0881.json index 52a2687790a..dd27f34b59b 100644 --- a/2018/0xxx/CVE-2018-0881.json +++ b/2018/0xxx/CVE-2018-0881.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka \"Microsoft Video Control Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0881", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0881" - }, - { - "name" : "103256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103256" - }, - { - "name" : "1040520", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka \"Microsoft Video Control Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0881", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0881" + }, + { + "name": "103256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103256" + }, + { + "name": "1040520", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040520" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0987.json b/2018/0xxx/CVE-2018-0987.json index f92517940ea..1a8e2fd3125 100644 --- a/2018/0xxx/CVE-2018-0987.json +++ b/2018/0xxx/CVE-2018-0987.json @@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-0987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 9", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1511 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1511 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka \"Scripting Engine Information Disclosure Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0989, CVE-2018-1000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1511 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1511 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0987", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0987" - }, - { - "name" : "103623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103623" - }, - { - "name" : "1040653", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka \"Scripting Engine Information Disclosure Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0989, CVE-2018-1000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103623" + }, + { + "name": "1040653", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040653" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0987", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0987" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000086.json b/2018/1000xxx/CVE-2018-1000086.json index 87da9a658c8..340ee8e9106 100644 --- a/2018/1000xxx/CVE-2018-1000086.json +++ b/2018/1000xxx/CVE-2018-1000086.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/20/2018 9:05:59", - "ID" : "CVE-2018-1000086", - "REQUESTER" : "jelosua@npr.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pym.js", - "version" : { - "version_data" : [ - { - "version_value" : "versions 0.4.2 up to 1.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "NPR Visuals Team" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery (CSRF) vulnerability in Pym.js _onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in Arbitrary javascript code execution. This attack appear to be exploitable via Attacker gains full javascript access to pages with Pym.js embeds when user visits an attacker crafted page.. This vulnerability appears to have been fixed in versions 1.3.2 and later." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross ite Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/20/2018 9:05:59", + "ID": "CVE-2018-1000086", + "REQUESTER": "jelosua@npr.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html", - "refsource" : "MISC", - "url" : "http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html" - }, - { - "name" : "https://github.com/nprapps/pym.js", - "refsource" : "MISC", - "url" : "https://github.com/nprapps/pym.js" - }, - { - "name" : "https://github.com/nprapps/pym.js/issues/170", - "refsource" : "MISC", - "url" : "https://github.com/nprapps/pym.js/issues/170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery (CSRF) vulnerability in Pym.js _onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in Arbitrary javascript code execution. This attack appear to be exploitable via Attacker gains full javascript access to pages with Pym.js embeds when user visits an attacker crafted page.. This vulnerability appears to have been fixed in versions 1.3.2 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html", + "refsource": "MISC", + "url": "http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html" + }, + { + "name": "https://github.com/nprapps/pym.js/issues/170", + "refsource": "MISC", + "url": "https://github.com/nprapps/pym.js/issues/170" + }, + { + "name": "https://github.com/nprapps/pym.js", + "refsource": "MISC", + "url": "https://github.com/nprapps/pym.js" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000540.json b/2018/1000xxx/CVE-2018-1000540.json index 723671b9e44..47fc3656c8e 100644 --- a/2018/1000xxx/CVE-2018-1000540.json +++ b/2018/1000xxx/CVE-2018-1000540.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.056421", - "DATE_REQUESTED" : "2018-04-26T06:25:34", - "ID" : "CVE-2018-1000540", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LoboEvolution", - "version" : { - "version_data" : [ - { - "version_value" : "< 9b75694cedfa4825d4a2330abf2719d470c654cd" - } - ] - } - } - ] - }, - "vendor_name" : "LoboEvolution" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted XML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.056421", + "DATE_REQUESTED": "2018-04-26T06:25:34", + "ID": "CVE-2018-1000540", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/oswetto/LoboEvolution/issues/38", - "refsource" : "MISC", - "url" : "https://github.com/oswetto/LoboEvolution/issues/38" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted XML file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/oswetto/LoboEvolution/issues/38", + "refsource": "MISC", + "url": "https://github.com/oswetto/LoboEvolution/issues/38" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16732.json b/2018/16xxx/CVE-2018-16732.json index e7772a56512..0111729e16e 100644 --- a/2018/16xxx/CVE-2018-16732.json +++ b/2018/16xxx/CVE-2018-16732.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "\\upload\\plugins\\sys\\admin\\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/CScms/blob/master/CScms_csrf.md", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/CScms/blob/master/CScms_csrf.md" - }, - { - "name" : "https://www.patec.cn/newsshow.php?cid=24&id=123", - "refsource" : "MISC", - "url" : "https://www.patec.cn/newsshow.php?cid=24&id=123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "\\upload\\plugins\\sys\\admin\\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.patec.cn/newsshow.php?cid=24&id=123", + "refsource": "MISC", + "url": "https://www.patec.cn/newsshow.php?cid=24&id=123" + }, + { + "name": "https://github.com/AvaterXXX/CScms/blob/master/CScms_csrf.md", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/CScms/blob/master/CScms_csrf.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19025.json b/2018/19xxx/CVE-2018-19025.json index c685c5232c1..e7834f83c87 100644 --- a/2018/19xxx/CVE-2018-19025.json +++ b/2018/19xxx/CVE-2018-19025.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19025", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19025", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19079.json b/2018/19xxx/CVE-2018-19079.json index 43e5b080271..aff610b45fc 100644 --- a/2018/19xxx/CVE-2018-19079.json +++ b/2018/19xxx/CVE-2018-19079.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", - "refsource" : "MISC", - "url" : "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", + "refsource": "MISC", + "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19698.json b/2018/19xxx/CVE-2018-19698.json index bace57596a4..55d70185ada 100644 --- a/2018/19xxx/CVE-2018-19698.json +++ b/2018/19xxx/CVE-2018-19698.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-19698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-19698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106164" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19703.json b/2018/19xxx/CVE-2018-19703.json index 7b1ef71799c..4a6a64ca034 100644 --- a/2018/19xxx/CVE-2018-19703.json +++ b/2018/19xxx/CVE-2018-19703.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-19703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-19703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19710.json b/2018/19xxx/CVE-2018-19710.json index d858310ab81..24822d10c7a 100644 --- a/2018/19xxx/CVE-2018-19710.json +++ b/2018/19xxx/CVE-2018-19710.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-19710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-19710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4378.json b/2018/4xxx/CVE-2018-4378.json index df5c3aca2b1..2a149951b3b 100644 --- a/2018/4xxx/CVE-2018-4378.json +++ b/2018/4xxx/CVE-2018-4378.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4378", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4378", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4475.json b/2018/4xxx/CVE-2018-4475.json index e7e9923ece8..a577723346f 100644 --- a/2018/4xxx/CVE-2018-4475.json +++ b/2018/4xxx/CVE-2018-4475.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4475", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4475", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4535.json b/2018/4xxx/CVE-2018-4535.json index ec92fab2362..782143ec3b5 100644 --- a/2018/4xxx/CVE-2018-4535.json +++ b/2018/4xxx/CVE-2018-4535.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4535", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4535", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4687.json b/2018/4xxx/CVE-2018-4687.json index fe5776ee046..1e09bb320a0 100644 --- a/2018/4xxx/CVE-2018-4687.json +++ b/2018/4xxx/CVE-2018-4687.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4687", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4687", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4819.json b/2018/4xxx/CVE-2018-4819.json index 5e312688731..930b8023ecb 100644 --- a/2018/4xxx/CVE-2018-4819.json +++ b/2018/4xxx/CVE-2018-4819.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4819", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4819", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file