From 68acbebfd7d711562569206411e22988acb30fc4 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 06:16:59 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2008/0xxx/CVE-2008-0130.json | 140 +++----
2008/0xxx/CVE-2008-0770.json | 130 +++----
2008/1xxx/CVE-2008-1349.json | 180 ++++-----
2008/1xxx/CVE-2008-1713.json | 150 ++++----
2008/1xxx/CVE-2008-1780.json | 170 ++++----
2008/3xxx/CVE-2008-3058.json | 170 ++++----
2008/3xxx/CVE-2008-3104.json | 600 ++++++++++++++---------------
2008/3xxx/CVE-2008-3250.json | 170 ++++----
2008/3xxx/CVE-2008-3618.json | 180 ++++-----
2008/4xxx/CVE-2008-4111.json | 210 +++++-----
2008/4xxx/CVE-2008-4316.json | 420 ++++++++++----------
2008/4xxx/CVE-2008-4319.json | 150 ++++----
2008/4xxx/CVE-2008-4521.json | 150 ++++----
2008/4xxx/CVE-2008-4830.json | 170 ++++----
2008/7xxx/CVE-2008-7174.json | 150 ++++----
2013/2xxx/CVE-2013-2178.json | 170 ++++----
2013/2xxx/CVE-2013-2276.json | 120 +++---
2013/3xxx/CVE-2013-3435.json | 140 +++----
2013/3xxx/CVE-2013-3745.json | 130 +++----
2013/3xxx/CVE-2013-3901.json | 34 +-
2013/6xxx/CVE-2013-6130.json | 34 +-
2013/6xxx/CVE-2013-6162.json | 130 +++----
2013/6xxx/CVE-2013-6435.json | 240 ++++++------
2013/6xxx/CVE-2013-6591.json | 34 +-
2013/6xxx/CVE-2013-6939.json | 120 +++---
2013/7xxx/CVE-2013-7110.json | 140 +++----
2013/7xxx/CVE-2013-7277.json | 190 ++++-----
2017/10xxx/CVE-2017-10069.json | 142 +++----
2017/10xxx/CVE-2017-10144.json | 140 +++----
2017/10xxx/CVE-2017-10913.json | 170 ++++----
2017/14xxx/CVE-2017-14072.json | 34 +-
2017/14xxx/CVE-2017-14501.json | 160 ++++----
2017/14xxx/CVE-2017-14747.json | 34 +-
2017/17xxx/CVE-2017-17350.json | 34 +-
2017/17xxx/CVE-2017-17383.json | 140 +++----
2017/17xxx/CVE-2017-17499.json | 170 ++++----
2017/17xxx/CVE-2017-17577.json | 130 +++----
2017/9xxx/CVE-2017-9428.json | 120 +++---
2017/9xxx/CVE-2017-9590.json | 120 +++---
2017/9xxx/CVE-2017-9762.json | 130 +++----
2018/0xxx/CVE-2018-0155.json | 150 ++++----
2018/0xxx/CVE-2018-0269.json | 130 +++----
2018/0xxx/CVE-2018-0820.json | 140 +++----
2018/0xxx/CVE-2018-0862.json | 132 +++----
2018/1000xxx/CVE-2018-1000226.json | 136 +++----
2018/19xxx/CVE-2018-19016.json | 34 +-
2018/19xxx/CVE-2018-19120.json | 130 +++----
2018/19xxx/CVE-2018-19158.json | 58 ++-
2018/19xxx/CVE-2018-19480.json | 34 +-
2018/1xxx/CVE-2018-1286.json | 122 +++---
2018/1xxx/CVE-2018-1527.json | 34 +-
2018/1xxx/CVE-2018-1686.json | 226 +++++------
2018/4xxx/CVE-2018-4000.json | 122 +++---
2018/4xxx/CVE-2018-4129.json | 200 +++++-----
2018/4xxx/CVE-2018-4569.json | 34 +-
55 files changed, 3941 insertions(+), 3887 deletions(-)
diff --git a/2008/0xxx/CVE-2008-0130.json b/2008/0xxx/CVE-2008-0130.json
index 0cbcc1a0276..441a9b7a47b 100644
--- a/2008/0xxx/CVE-2008-0130.json
+++ b/2008/0xxx/CVE-2008-0130.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39766", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39766" - }, - { - "name" : "28283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28283" - }, - { - "name" : "dating-site-loginform-sql-injection(39326)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote 
attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39766", + "refsource": "OSVDB", + "url": "http://osvdb.org/39766" + }, + { + "name": "dating-site-loginform-sql-injection(39326)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39326" + }, + { + "name": "28283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28283" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0770.json b/2008/0xxx/CVE-2008-0770.json index 89fb28ce6b2..32146ab4e5a 100644 --- a/2008/0xxx/CVE-2008-0770.json +++ b/2008/0xxx/CVE-2008-0770.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5018", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5018" - }, - { - "name" : "ADV-2008-0366", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5018", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5018" + }, + { + "name": "ADV-2008-0366", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0366" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1349.json b/2008/1xxx/CVE-2008-1349.json index 024b69a61e4..e3355c90768 100644 --- a/2008/1xxx/CVE-2008-1349.json +++ b/2008/1xxx/CVE-2008-1349.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5244", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5244" - }, - { - "name" : "5340", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5340" - }, - { - "name" : "http://packetstormsecurity.org/0804-exploits/runcms11a-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0804-exploits/runcms11a-sql.txt" - }, - { - "name" : "28229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28229" - }, - { - "name" : "29359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29359" - }, - { - "name" : "29362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29362" - }, - { - "name" : 
"bamagalerie-viewcat-sql-injection(41188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28229" + }, + { + "name": "29359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29359" + }, + { + "name": "bamagalerie-viewcat-sql-injection(41188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41188" + }, + { + "name": "5244", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5244" + }, + { + "name": "http://packetstormsecurity.org/0804-exploits/runcms11a-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0804-exploits/runcms11a-sql.txt" + }, + { + "name": "5340", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5340" + }, + { + "name": "29362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29362" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1713.json b/2008/1xxx/CVE-2008-1713.json index e5abb920dfd..744a8184d5d 100644 --- a/2008/1xxx/CVE-2008-1713.json +++ b/2008/1xxx/CVE-2008-1713.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5341", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5341" - }, - { - "name" : "28559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28559" - }, - { - "name" : "29629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29629" - }, - { - "name" : "emailserverng-mailserver-dos(41581)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string 
to IMAP port (143/tcp)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29629" + }, + { + "name": "28559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28559" + }, + { + "name": "5341", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5341" + }, + { + "name": "emailserverng-mailserver-dos(41581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41581" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1780.json b/2008/1xxx/CVE-2008-1780.json index bfbabee4d0d..9087aea94c6 100644 --- a/2008/1xxx/CVE-2008-1780.json +++ b/2008/1xxx/CVE-2008-1780.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "235421", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-235421-1" - }, - { - "name" : "28734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28734" - }, - { - "name" : "ADV-2008-1194", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1194/references" - }, - { - "name" : "1019832", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019832" - }, - { - "name" : "29730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29730" - }, - { - "name" : "sun-solaris-extensions-security-bypass(41764)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28734" + }, + { + "name": "ADV-2008-1194", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1194/references" + }, + { + "name": "235421", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-235421-1" + }, + { + "name": "sun-solaris-extensions-security-bypass(41764)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41764" + }, + { + "name": "1019832", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019832" + }, + { + "name": "29730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29730" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3058.json b/2008/3xxx/CVE-2008-3058.json index 5a8c8e8aaaa..fe14ec52d4d 100644 --- a/2008/3xxx/CVE-2008-3058.json +++ b/2008/3xxx/CVE-2008-3058.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://octeth.com/blog/category/oempro4/", - "refsource" : "MISC", - "url" : "http://octeth.com/blog/category/oempro4/" - }, - { - "name" : "http://osvdb.org/ref/50/oempro.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/50/oempro.txt" - }, - { - "name" : "32784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32784" - }, - { - "name" : "50322", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/50322" - }, - { - "name" : "50323", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/50323" - }, - { - "name" : 
"oempro-index-sql-injection(47112)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50323", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/50323" + }, + { + "name": "http://osvdb.org/ref/50/oempro.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/50/oempro.txt" + }, + { + "name": "50322", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/50322" + }, + { + "name": "oempro-index-sql-injection(47112)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47112" + }, + { + "name": "http://octeth.com/blog/category/oempro4/", + "refsource": "MISC", + "url": "http://octeth.com/blog/category/oempro4/" + }, + { + "name": "32784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32784" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3104.json b/2008/3xxx/CVE-2008-3104.json index aafe3282a5c..7dc8cfa05d2 100644 --- a/2008/3xxx/CVE-2008-3104.json +++ b/2008/3xxx/CVE-2008-3104.json 
@@ -1,302 +1,302 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=122331139823057&w=2" - }, - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497041/100/0/threaded" - }, - { - "name" : "http://support.apple.com/kb/HT3178", - "refsource" : "CONFIRM", - "url" : 
"http://support.apple.com/kb/HT3178" - }, - { - "name" : "http://support.apple.com/kb/HT3179", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3179" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" - }, - { - "name" : "APPLE-SA-2008-09-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "RHSA-2008:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0594.html" - }, - { - "name" : "RHSA-2008:0595", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0595.html" - }, - { - "name" : "RHSA-2008:0790", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0790.html" - }, - { - "name" : "RHSA-2008:0955", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0955.html" - }, - { - "name" : "RHSA-2008:1043", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1043.html" - }, - { - "name" : "RHSA-2008:1044", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1044.html" - }, - { - "name" : 
"RHSA-2008:1045", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1045.html" - }, - { - "name" : "RHSA-2008:0906", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0906.html" - }, - { - "name" : "238968", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1" - }, - { - "name" : "SUSE-SA:2008:042", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" - }, - { - "name" : "SUSE-SA:2008:043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" - }, - { - "name" : "SUSE-SA:2008:045", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" - }, - { - "name" : "SUSE-SR:2008:028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "TA08-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" - }, - { - "name" : "30140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30140" - }, - { - "name" : "oval:org.mitre.oval:def:9565", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "31736", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31736" - }, - { - "name" : "ADV-2008-2056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2056/references" - }, - { - 
"name" : "ADV-2008-2740", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2740" - }, - { - "name" : "1020459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020459" - }, - { - "name" : "31010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31010" - }, - { - "name" : "31055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31055" - }, - { - "name" : "31269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31269" - }, - { - "name" : "31320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31320" - }, - { - "name" : "31497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31497" - }, - { - "name" : "31600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31600" - }, - { - "name" : "32018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32018" - }, - { - "name" : "32180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32180" - }, - { - "name" : "32179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32179" - }, - { - "name" : "32436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32436" - }, - { - "name" : "32826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32826" - }, - { - "name" : "33236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33236" - }, - { - "name" : "33237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33237" - }, - { - "name" : "33238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33238" - }, - { - "name" : "33194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33194" - }, - { - "name" : "sun-jre-unspecified-security-bypass(43662)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43662" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sun-jre-unspecified-security-bypass(43662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43662" + }, + { + "name": "RHSA-2008:1044", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" + }, + { + "name": "APPLE-SA-2008-09-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" + }, + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=122331139823057&w=2" + }, + { + "name": "32436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32436" + }, + { + "name": "32826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32826" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" + }, + { + "name": "31600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31600" + }, + { + "name": "1020459", 
+ "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020459" + }, + { + "name": "SUSE-SA:2008:042", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" + }, + { + "name": "32018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32018" + }, + { + "name": "RHSA-2008:1043", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1043.html" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "32179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32179" + }, + { + "name": "238968", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1" + }, + { + "name": "33194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33194" + }, + { + "name": "ADV-2008-2740", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2740" + }, + { + "name": "31320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31320" + }, + { + "name": "SUSE-SA:2008:043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" + }, + { + "name": "33237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33237" + }, + { + "name": "ADV-2008-2056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2056/references" + }, + { + "name": "31055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31055" + }, + { + "name": "32180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32180" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" + }, + { + "name": "31736", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/31736" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "30140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30140" + }, + { + "name": "33236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33236" + }, + { + "name": "http://support.apple.com/kb/HT3178", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3178" + }, + { + "name": "RHSA-2008:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" + }, + { + "name": "31269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31269" + }, + { + "name": "31497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31497" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" + }, + { + "name": "RHSA-2008:1045", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "RHSA-2008:0955", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" + }, + { + "name": "33238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33238" + }, + { + "name": "SUSE-SR:2008:028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" + }, + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" + }, + { + "name": "SUSE-SA:2008:045", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" + }, + { + "name": "RHSA-2008:0790", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" + }, + { + "name": "RHSA-2008:0906", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" + }, + { + "name": "TA08-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "http://support.apple.com/kb/HT3179", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3179" + }, + { + "name": "RHSA-2008:0595", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" + }, + { + "name": "oval:org.mitre.oval:def:9565", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565" + }, + { + "name": "31010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31010" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3250.json b/2008/3xxx/CVE-2008-3250.json index 4402c147383..2fb22b97a2c 100644 --- a/2008/3xxx/CVE-2008-3250.json +++ b/2008/3xxx/CVE-2008-3250.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6097", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6097" - }, - { - "name" : "6113", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6113" - }, - { - "name" : "30277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30277" - }, - { - "name" : "31139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31139" - }, - { - "name" : "4017", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4017" - }, - { - "name" : "arctic-index-sql-injection(43872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4017", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4017" + }, + { + "name": "arctic-index-sql-injection(43872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43872" + }, + { + "name": "31139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31139" + }, + { + "name": "30277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30277" + }, + { + "name": "6113", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6113" + }, + { + "name": "6097", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6097" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3618.json b/2008/3xxx/CVE-2008-3618.json index b7403c442cd..03f6007a08a 100644 --- a/2008/3xxx/CVE-2008-3618.json +++ b/2008/3xxx/CVE-2008-3618.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "VU#126787", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/126787" - }, - { - "name" : "31189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31189" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : 
"1020883", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020883" - }, - { - "name" : "macos-filesharing-weak-security(45175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31189" + }, + { + "name": "VU#126787", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/126787" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "1020883", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020883" + }, + { + "name": "macos-filesharing-weak-security(45175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45175" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4111.json b/2008/4xxx/CVE-2008-4111.json index 06fa3ed76c1..d07b565bb85 100644 --- a/2008/4xxx/CVE-2008-4111.json +++ b/2008/4xxx/CVE-2008-4111.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876" - }, - { - "name" : "PK64302", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK64302" - }, - { - "name" : "31186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31186" - }, - { - "name" : "31839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31839" - }, - { - "name" : 
"ADV-2008-2566", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2566" - }, - { - "name" : "ADV-2008-2871", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2871" - }, - { - "name" : "31892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31892" - }, - { - "name" : "32296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32296" - }, - { - "name" : "websphere-servletengine-unspecified(45122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" + }, + { + "name": "ADV-2008-2566", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2566" + }, + { + "name": "websphere-servletengine-unspecified(45122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45122" + }, + { + "name": "ADV-2008-2871", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2871" + }, + { + "name": "PK64302", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK64302" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876", + "refsource": "CONFIRM", + "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg27006876" + }, + { + "name": "31186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31186" + }, + { + "name": "32296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32296" + }, + { + "name": "31839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31839" + }, + { + "name": "31892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31892" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4316.json b/2008/4xxx/CVE-2008-4316.json index 439711a62c7..4773efe74fb 100644 --- a/2008/4xxx/CVE-2008-4316.json +++ b/2008/4xxx/CVE-2008-4316.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-4316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501712/100/0/threaded" - }, - { - "name" : "20090312 rPSA-2009-0045-1 glib", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501766/100/0/threaded" - }, - { - "name" : "[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/03/12/2" - }, - { - "name" : "[oss-security] 20090317 Re: [oCERT-2008-015] glib and glib-predecessor heap overflows", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2009/03/16/2" - }, - { - "name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" - }, - { - "name" : "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff", - "refsource" : "MISC", - "url" : "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2008-015.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2008-015.html" - }, - { - "name" : "http://svn.gnome.org/viewvc/glib?view=revision&revision=7973", - "refsource" : "CONFIRM", - "url" : "http://svn.gnome.org/viewvc/glib?view=revision&revision=7973" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0045", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0045" - }, - { - "name" : "DSA-1747", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1747" - }, - { - "name" : "FEDORA-2009-2688", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html" - }, - { - "name" : "FEDORA-2009-2657", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html" - }, - { - "name" : "MDVSA-2009:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:080" - }, - { - "name" : "RHSA-2009:0336", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0336.html" - }, - { - "name" : "SUSE-SA:2009:026", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html" - }, - { - "name" : "USN-738-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-738-1" - }, - { - "name" : "34100", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/34100" - }, - { - "name" : "oval:org.mitre.oval:def:11401", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401" - }, - { - "name" : "oval:org.mitre.oval:def:8360", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360" - }, - { - "name" : "1021884", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021884" - }, - { - "name" : "34267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34267" - }, - { - "name" : "34317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34317" - }, - { - "name" : "34404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34404" - }, - { - "name" : "34416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34416" - }, - { - "name" : "34560", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34560" - }, - { - "name" : "34854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34854" - }, - { - "name" : "34890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34890" - }, - { - "name" : "38794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38794" - }, - { - "name" : "38833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38833" - }, - { - "name" : "ADV-2010-0528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0528" - }, - { - "name" : "glib-gbase64-bo(49272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute 
arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff", + "refsource": "MISC", + "url": "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff" + }, + { + "name": "20090312 rPSA-2009-0045-1 glib", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501766/100/0/threaded" + }, + { + "name": "USN-738-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-738-1" + }, + { + "name": "34560", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34560" + }, + { + "name": "[oss-security] 20090317 Re: [oCERT-2008-015] glib and glib-predecessor heap overflows", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/03/16/2" + }, + { + "name": "38794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38794" + }, + { + "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" + }, + { + "name": "MDVSA-2009:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:080" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0045", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0045" + }, + { + "name": "oval:org.mitre.oval:def:11401", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401" + }, + { + "name": "FEDORA-2009-2688", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html" + }, + { + "name": "[oss-security] 20090312 
[oCERT-2008-015] glib and glib-predecessor heap overflows", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/03/12/2" + }, + { + "name": "34100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34100" + }, + { + "name": "34854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34854" + }, + { + "name": "20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501712/100/0/threaded" + }, + { + "name": "34267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34267" + }, + { + "name": "RHSA-2009:0336", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0336.html" + }, + { + "name": "38833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38833" + }, + { + "name": "1021884", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021884" + }, + { + "name": "DSA-1747", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1747" + }, + { + "name": "34317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34317" + }, + { + "name": "SUSE-SA:2009:026", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html" + }, + { + "name": "FEDORA-2009-2657", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html" + }, + { + "name": "34416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34416" + }, + { + "name": "http://svn.gnome.org/viewvc/glib?view=revision&revision=7973", + "refsource": "CONFIRM", + "url": "http://svn.gnome.org/viewvc/glib?view=revision&revision=7973" + }, + { + "name": "oval:org.mitre.oval:def:8360", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360" + }, + { + "name": "34404", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/34404" + }, + { + "name": "glib-gbase64-bo(49272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49272" + }, + { + "name": "34890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34890" + }, + { + "name": "ADV-2010-0528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0528" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2008-015.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2008-015.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4319.json b/2008/4xxx/CVE-2008-4319.json index 57ad1e10b0a..8a3e5bb4d04 100644 --- a/2008/4xxx/CVE-2008-4319.json +++ b/2008/4xxx/CVE-2008-4319.json 
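Review bot: The new side of 2008/4xxx/CVE-2008-4316.json sets `"ASSIGNER": "secalert@redhat.com"` where the removed line had `"ASSIGNER" : "cve@mitre.org"`. This is a provenance change inside a hunk that otherwise only changes key spacing and the order of `reference_data` entries. The other records visible in this part of the patch (CVE-2008-3250, -3618, -4111, -4319, -4521) keep `cve@mitre.org`, so the change is easy to miss in a commit whose subject is only "-Synchronized-Data.". It is presumably an intended CNA reassignment, but anything that attributes or filters records by `ASSIGNER` will see this entry move. I would either put the assigner update in its own commit or name it in the message, for example `CVE-2008-4316: ASSIGNER cve@mitre.org -> secalert@redhat.com`, so it can be audited apart from the formatting churn.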
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080925 Fwd: Returned post for bugtraq@securityfocus.com", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496742" - }, - { - "name" : "6567", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6567" - }, - { - "name" : "31415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31415" - }, - { - "name" : "librafilemanager-fileadmin-security-bypass(45423)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6567", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6567" + }, + { + "name": "31415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31415" + }, + { + "name": "20080925 Fwd: Returned post for bugtraq@securityfocus.com", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496742" + }, + { + "name": "librafilemanager-fileadmin-security-bypass(45423)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45423" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4521.json b/2008/4xxx/CVE-2008-4521.json index 6988b89ac76..5e130f0a157 100644 --- a/2008/4xxx/CVE-2008-4521.json +++ b/2008/4xxx/CVE-2008-4521.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6682", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6682" - }, - { - "name" : "31579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31579" - }, - { - "name" : "4384", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4384" - }, - { - "name" : "raidtrackerpanel-thisraidprog-sql-injection(45675)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in thisraidprogress.php 
in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6682", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6682" + }, + { + "name": "raidtrackerpanel-thisraidprog-sql-injection(45675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45675" + }, + { + "name": "31579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31579" + }, + { + "name": "4384", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4384" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4830.json b/2008/4xxx/CVE-2008-4830.json index e8e6a719ef3..32c15cef551 100644 --- a/2008/4xxx/CVE-2008-4830.json +++ b/2008/4xxx/CVE-2008-4830.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-4830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090415 Secunia Research: SAP GUI KWEdit ActiveX Control \"SaveDocumentAs()\" Insecure Method", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502698/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2008-56/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-56/" - }, - { - "name" : "34524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34524" - }, - { - "name" : "1022062", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022062" - }, - { - "name" : "32869", - "refsource" 
: "SECUNIA", - "url" : "http://secunia.com/advisories/32869" - }, - { - "name" : "ADV-2009-1043", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2008-56/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-56/" + }, + { + "name": "32869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32869" + }, + { + "name": "20090415 Secunia Research: SAP GUI KWEdit ActiveX Control \"SaveDocumentAs()\" Insecure Method", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502698/100/0/threaded" + }, + { + "name": "ADV-2009-1043", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1043" + }, + { + "name": "34524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34524" + }, + { + "name": "1022062", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022062" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7174.json b/2008/7xxx/CVE-2008-7174.json index d7e7f2af35f..aa5fc8e395d 100644 --- a/2008/7xxx/CVE-2008-7174.json +++ b/2008/7xxx/CVE-2008-7174.json 
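Review bot: The only semantic change in the CVE-2008-4830 hunk, `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",` replacing `cve@mitre.org`, is buried in a whole-file rewrite of the `"key" : value` spacing and a reshuffle of `reference_data`, so the attribution change cannot be audited from the diff without normalising both sides first. The same applies to the ASSIGNER changes in CVE-2013-2178 (`secalert@redhat.com`), CVE-2013-3435 (`psirt@cisco.com`), CVE-2013-3745 (`secalert_us@oracle.com`) and CVE-2013-6435 (`secalert@redhat.com`). Landing the serializer change as its own commit, and keeping `reference_data` in a stable order (for example sorted by `refsource`, then `name`), would leave each of these as a one-line diff. Nothing in the patch shows why ownership moved, so the commit message should say which CNA reassignment it reflects.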
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080617 Hacking Coffee Makers.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493387/100/0/threaded" - }, - { - "name" : "20080618 A more detailed description of the Jura F90 vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493433/100/0/threaded" - }, - { - "name" : "http://news.cnet.com/8301-10784_3-9970757-7.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-10784_3-9970757-7.html" - }, - { - "name" : "29767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29767" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29767" + }, + { + "name": "20080618 A more detailed description of the Jura F90 vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493433/100/0/threaded" + }, + { + "name": "http://news.cnet.com/8301-10784_3-9970757-7.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-10784_3-9970757-7.html" + }, + { + "name": "20080617 Hacking Coffee Makers.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493387/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2178.json b/2013/2xxx/CVE-2013-2178.json index 9d5d8f86f44..82afebdab80 100644 --- a/2013/2xxx/CVE-2013-2178.json +++ b/2013/2xxx/CVE-2013-2178.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130613 Re: Re: Fail2ban 0.8.9, Denial of Service (Apache rules only)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/06/13/7" - }, - { - "name" : "https://vndh.net/note:fail2ban-089-denial-service", - "refsource" : "MISC", - "url" : "https://vndh.net/note:fail2ban-089-denial-service" - }, - { - "name" : "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog" - }, - { - "name" : "DSA-2708", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2708" - }, - { - "name" : 
"openSUSE-SU-2014:0348", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html" - }, - { - "name" : "oval:org.mitre.oval:def:17338", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17338", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17338" + }, + { + "name": "[oss-security] 20130613 Re: Re: Fail2ban 0.8.9, Denial of Service (Apache rules only)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/06/13/7" + }, + { + "name": "DSA-2708", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2708" + }, + { + "name": "openSUSE-SU-2014:0348", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html" + }, + { + "name": "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog", + "refsource": "CONFIRM", + "url": "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog" + }, + { + "name": "https://vndh.net/note:fail2ban-089-denial-service", + "refsource": "MISC", + "url": "https://vndh.net/note:fail2ban-089-denial-service" + } + ] + } +} \ No newline at end of file 
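Review bot: The new side of CVE-2013-2178 still carries `"product_name": "n/a"`, `"vendor_name": "n/a"`, `"version_value": "n/a"` and a problemtype of `"n/a"`, although the description names the product and the fixed version (Fail2ban before 0.8.10). Consumers that match on the `affects` block rather than the free-text description will not associate this record with Fail2ban. With the record now assigned to `secalert@redhat.com`, this sync would be the place to populate at least `"product_name": "Fail2ban"` and a `version_value` derived from the description. The other PUBLIC records visible in this patch have the same gap.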
diff --git a/2013/2xxx/CVE-2013-2276.json b/2013/2xxx/CVE-2013-2276.json
index 234f8112c31..a7278f74672 100644
--- a/2013/2xxx/CVE-2013-2276.json
+++ b/2013/2xxx/CVE-2013-2276.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-2276",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-2276",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a6449167a6da8cb747cfe3502ae86ffaac2ed48",
- "refsource" : "CONFIRM",
- "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a6449167a6da8cb747cfe3502ae86ffaac2ed48"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a6449167a6da8cb747cfe3502ae86ffaac2ed48",
+ "refsource": "CONFIRM",
+ "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a6449167a6da8cb747cfe3502ae86ffaac2ed48"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3435.json b/2013/3xxx/CVE-2013-3435.json
index 4303bd4aa6b..4ca001260a1 100644
--- a/2013/3xxx/CVE-2013-3435.json
+++ b/2013/3xxx/CVE-2013-3435.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3435",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2013-3435",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30152",
- "refsource" : "CONFIRM",
- "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30152"
- },
- {
- "name" : "20130719 Cisco Unified IP Conference Station 7937G Denial of Service Vulnerability",
- "refsource" : "CISCO",
- "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3435"
- },
- {
- "name" : "95471",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/95471"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20130719 Cisco Unified IP Conference Station 7937G Denial of Service Vulnerability",
+ "refsource": "CISCO",
+ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3435"
+ },
+ {
+ "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30152",
+ "refsource": "CONFIRM",
+ "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30152"
+ },
+ {
+ "name": "95471",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/95471"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3745.json b/2013/3xxx/CVE-2013-3745.json
index 042ed170e97..7e4b8bda266 100644
--- a/2013/3xxx/CVE-2013-3745.json
+++ b/2013/3xxx/CVE-2013-3745.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3745",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2013-3745",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
- },
- {
- "name" : "oval:org.mitre.oval:def:19442",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19442"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:19442",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19442"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3901.json b/2013/3xxx/CVE-2013-3901.json
index 9227cc13494..c4f01eb3333 100644
--- a/2013/3xxx/CVE-2013-3901.json
+++ b/2013/3xxx/CVE-2013-3901.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3901",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-3901",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6130.json b/2013/6xxx/CVE-2013-6130.json
index 7930b3fd883..41c91464bb7 100644
--- a/2013/6xxx/CVE-2013-6130.json
+++ b/2013/6xxx/CVE-2013-6130.json
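Review bot: The new side of CVE-2013-3901 is serialised differently from the other records in this patch: it opens with `"data_type": "CVE",`, `"data_format": "MITRE",`, `"data_version": "4.0",` and puts `"ID"` before `"ASSIGNER"` inside `CVE_data_meta`, whereas for example CVE-2013-6130 keeps `CVE_data_meta` first with its keys sorted. JSON parsers ignore key order, but anything that hashes, signs or line-diffs the raw file will treat the two layouts as different, and it may mean REJECT records go through a separate writer; CVE-2013-6591 has the same layout. Emitting them through the same sorted-key serializer would make the record start with `"CVE_data_meta": {` and `"ASSIGNER": "cve@mitre.org",` like the rest. The new side of every file here also ends without a final newline (`\ No newline at end of file`), which the old side had.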
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6130",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-6130",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6162.json b/2013/6xxx/CVE-2013-6162.json
index 3fd4140e2ba..c5a20a4464f 100644
--- a/2013/6xxx/CVE-2013-6162.json
+++ b/2013/6xxx/CVE-2013-6162.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6162",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-6162",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "30373",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/30373"
- },
- {
- "name" : "abilitymailserver-cve20136162-xss(89807)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89807"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "30373",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/30373"
+ },
+ {
+ "name": "abilitymailserver-cve20136162-xss(89807)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89807"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6435.json b/2013/6xxx/CVE-2013-6435.json
index 76fc67abbb8..30d54224f6d 100644
--- a/2013/6xxx/CVE-2013-6435.json
+++ b/2013/6xxx/CVE-2013-6435.json
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039811", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039811" - }, - { - "name" : "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/", - "refsource" : "CONFIRM", - "url" : "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0529.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0529.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", 
- "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "DSA-3129", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3129" - }, - { - "name" : "GLSA-201811-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-22" - }, - { - "name" : "MDVSA-2014:251", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251" - }, - { - "name" : "MDVSA-2015:056", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056" - }, - { - "name" : "RHSA-2014:1974", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1974.html" - }, - { - "name" : "RHSA-2014:1975", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1975.html" - }, - { - "name" : "RHSA-2014:1976", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1976.html" - }, - { - "name" : "71558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "MDVSA-2015:056", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056" + }, + { + "name": "GLSA-201811-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-22" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0529.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0529.html" + }, + { + "name": "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/", + "refsource": "CONFIRM", + "url": "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/" + }, + { + "name": "RHSA-2014:1975", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1975.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1039811", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039811" + }, + { + "name": "MDVSA-2014:251", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251" + }, + { + "name": "71558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71558" + }, + { + "name": "RHSA-2014:1974", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1974.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "DSA-3129", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3129" + }, + { + 
"name": "RHSA-2014:1976", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6591.json b/2013/6xxx/CVE-2013-6591.json index a8b01978da2..e59e3e7d543 100644 --- a/2013/6xxx/CVE-2013-6591.json +++ b/2013/6xxx/CVE-2013-6591.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6591", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6591", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6939.json b/2013/6xxx/CVE-2013-6939.json index b901bfe4a86..e02a105fd51 100644 --- a/2013/6xxx/CVE-2013-6939.json +++ b/2013/6xxx/CVE-2013-6939.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to \"RADIUS authentication.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX139049", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX139049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to \"RADIUS authentication.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + 
"value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.citrix.com/article/CTX139049", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX139049" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7110.json b/2013/7xxx/CVE-2013-7110.json index 6a454411ff3..19446642f6a 100644 --- a/2013/7xxx/CVE-2013-7110.json +++ b/2013/7xxx/CVE-2013-7110.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-7110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131213 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/13/5" - }, - { - "name" : "[oss-security] 20131215 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/15/3" - }, - { - "name" : "https://github.com/transifex/transifex-client/issues/42", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/transifex/transifex-client/issues/42" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131213 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/13/5" + }, + { + "name": "https://github.com/transifex/transifex-client/issues/42", + "refsource": "CONFIRM", + "url": "https://github.com/transifex/transifex-client/issues/42" + }, + { + "name": "[oss-security] 20131215 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/15/3" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7277.json b/2013/7xxx/CVE-2013-7277.json index eb17b64acb1..a0af5b1104e 100644 --- a/2013/7xxx/CVE-2013-7277.json +++ b/2013/7xxx/CVE-2013-7277.json 
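Review bot: The `"ASSIGNER"` value in CVE-2013-7110.json changes from `cve@mitre.org` to `secalert@redhat.com`, and the commit subject ("-Synchronized-Data.") does not record it; the change sits inside a hunk that otherwise only re-indents the record and reorders `reference_data`. Consumers that use ASSIGNER for CNA attribution or filtering will see this record move between assigners, so the reassignment deserves its own line in the commit description, or a commit separate from the formatting pass. The three references are the same on both sides and only their order differs, so a stable sort of `reference_data` (for example by `url`) would reduce hunks like this one to the single line that actually changed.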
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase", - "refsource" : "MISC", - "url" : "https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase" - }, - { - "name" : "http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html", - "refsource" : "CONFIRM", - "url" : "http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html" - }, - { - "name" : "http://sourceforge.net/p/aphpkb/code/91", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/aphpkb/code/91" - }, - { - "name" : "64550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64550" - }, - 
{ - "name" : "101467", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101467" - }, - { - "name" : "101491", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101491" - }, - { - "name" : "101492", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101492" - }, - { - "name" : "56228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64550" + }, + { + "name": "101492", + "refsource": "OSVDB", + "url": "http://osvdb.org/101492" + }, + { + "name": "https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase", + "refsource": "MISC", + "url": "https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase" + }, + { + "name": "http://sourceforge.net/p/aphpkb/code/91", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/aphpkb/code/91" + }, + { + "name": "http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html", + "refsource": "CONFIRM", + "url": "http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html" + }, + { + "name": "101467", + "refsource": "OSVDB", + "url": "http://osvdb.org/101467" + }, + { + "name": "101491", + "refsource": "OSVDB", + "url": "http://osvdb.org/101491" + }, + { + "name": "56228", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/56228" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10069.json b/2017/10xxx/CVE-2017-10069.json index 465ea6f3223..3c918e3659a 100644 --- a/2017/10xxx/CVE-2017-10069.json +++ b/2017/10xxx/CVE-2017-10069.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Payment Gateway Services", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "6.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Payment Interface component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 6.1.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payment Interface. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payment Interface accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payment Interface. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payment Interface accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Payment Gateway Services", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99721" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Payment Interface component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 6.1.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payment Interface. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payment Interface accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payment Interface. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payment Interface accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "99721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99721" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10144.json b/2017/10xxx/CVE-2017-10144.json index 7c013959a31..30055fe2d67 100644 --- a/2017/10xxx/CVE-2017-10144.json +++ b/2017/10xxx/CVE-2017-10144.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Applications Manager. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99685" - }, - { - "name" : "1038926", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Applications Manager. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99685" + }, + { + "name": "1038926", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038926" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10913.json b/2017/10xxx/CVE-2017-10913.json index e4de2b48aa7..07048617f3b 100644 --- a/2017/10xxx/CVE-2017-10913.json +++ b/2017/10xxx/CVE-2017-10913.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xenbits.xen.org/xsa/advisory-218.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-218.html" - }, - { - "name" : "DSA-3969", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3969" - }, - { - "name" : "GLSA-201708-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201708-03" - }, - { - "name" : "GLSA-201710-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-17" - }, - { - "name" : "99411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99411" - }, - { - "name" : "1038722", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1038722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038722", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038722" + }, + { + "name": "GLSA-201708-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201708-03" + }, + { + "name": "DSA-3969", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3969" + }, + { + "name": "99411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99411" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-218.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-218.html" + }, + { + "name": "GLSA-201710-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-17" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14072.json b/2017/14xxx/CVE-2017-14072.json index 845452d4d82..a48a26c936c 100644 --- a/2017/14xxx/CVE-2017-14072.json +++ b/2017/14xxx/CVE-2017-14072.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14072", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14072", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14501.json b/2017/14xxx/CVE-2017-14501.json index 91bbeeba184..98402523ae7 100644 --- a/2017/14xxx/CVE-2017-14501.json +++ b/2017/14xxx/CVE-2017-14501.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" - }, - { - "name" : "https://bugs.debian.org/875966", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/875966" - }, - { - "name" : "https://github.com/libarchive/libarchive/issues/949", - "refsource" : "MISC", - "url" : "https://github.com/libarchive/libarchive/issues/949" - }, - { - "name" : "DSA-4360", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4360" - }, - { - "name" : "USN-3736-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3736-1/" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libarchive/libarchive/issues/949", + "refsource": "MISC", + "url": "https://github.com/libarchive/libarchive/issues/949" + }, + { + "name": "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" + }, + { + "name": "DSA-4360", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4360" + }, + { + "name": "USN-3736-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3736-1/" + }, + { + "name": "https://bugs.debian.org/875966", + "refsource": "MISC", + "url": "https://bugs.debian.org/875966" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14747.json b/2017/14xxx/CVE-2017-14747.json index 0745d23df00..a3152e97d45 100644 --- a/2017/14xxx/CVE-2017-14747.json +++ b/2017/14xxx/CVE-2017-14747.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14747", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14747", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17350.json b/2017/17xxx/CVE-2017-17350.json index d2ee0dd9e6c..ba7f07fb39a 100644 --- a/2017/17xxx/CVE-2017-17350.json +++ b/2017/17xxx/CVE-2017-17350.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17350", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17350", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17383.json b/2017/17xxx/CVE-2017-17383.json index ac906249fa7..4698d0543bc 100644 --- a/2017/17xxx/CVE-2017-17383.json +++ b/2017/17xxx/CVE-2017-17383.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://vsintelli.com/portal/blog/23-security-advisory-2017-12-04", - "refsource" : "MISC", - "url" : "http://vsintelli.com/portal/blog/23-security-advisory-2017-12-04" - }, - { - "name" : "https://jenkins.io/security/advisory/2017-12-05/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-12-05/" - }, - { - "name" : "102130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins through 2.93 allows remote authenticated administrators to conduct XSS 
attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://vsintelli.com/portal/blog/23-security-advisory-2017-12-04", + "refsource": "MISC", + "url": "http://vsintelli.com/portal/blog/23-security-advisory-2017-12-04" + }, + { + "name": "102130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102130" + }, + { + "name": "https://jenkins.io/security/advisory/2017-12-05/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-12-05/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17499.json b/2017/17xxx/CVE-2017-17499.json index 91d54e76ec3..dd70c44c9d3 100644 --- a/2017/17xxx/CVE-2017-17499.json +++ b/2017/17xxx/CVE-2017-17499.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a" - }, - { - "name" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1", - "refsource" : "CONFIRM", - "url" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1" - }, - { - "name" : "DSA-4074", - "refsource" : "DEBIAN", 
- "url" : "https://www.debian.org/security/2017/dsa-4074" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - }, - { - "name" : "102155", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "DSA-4074", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4074" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc" + }, + { + "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1", + "refsource": "CONFIRM", + "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1" + }, + { + "name": "102155", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102155" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17577.json b/2017/17xxx/CVE-2017-17577.json index 4e643df5b12..0cd8f3aaa96 100644 
--- a/2017/17xxx/CVE-2017-17577.json +++ b/2017/17xxx/CVE-2017-17577.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43260", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43260/" - }, - { - "name" : "https://packetstormsecurity.com/files/145296/FS-Trademe-Clone-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145296/FS-Trademe-Clone-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43260", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43260/" + }, + { + "name": "https://packetstormsecurity.com/files/145296/FS-Trademe-Clone-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145296/FS-Trademe-Clone-1.0-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9428.json b/2017/9xxx/CVE-2017-9428.json index 21ddddb6d74..58cecfd090d 100644 --- a/2017/9xxx/CVE-2017-9428.json +++ b/2017/9xxx/CVE-2017-9428.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A directory traversal vulnerability exists in core\\admin\\ajax\\developer\\extensions\\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\\ sequences in the directory parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/issues/289", - "refsource" : "MISC", - "url" : "https://github.com/bigtreecms/BigTree-CMS/issues/289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A directory traversal vulnerability exists in core\\admin\\ajax\\developer\\extensions\\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\\ sequences in the directory parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigtreecms/BigTree-CMS/issues/289", + "refsource": "MISC", + "url": "https://github.com/bigtreecms/BigTree-CMS/issues/289" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9590.json b/2017/9xxx/CVE-2017-9590.json index a7964f3a2e5..2cd3b05dc7f 100644 --- a/2017/9xxx/CVE-2017-9590.json +++ b/2017/9xxx/CVE-2017-9590.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"State Bank of Waterloo Mobile Banking\" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"State Bank of Waterloo Mobile Banking\" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not 
verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9762.json b/2017/9xxx/CVE-2017-9762.json index d850d9dfe0f..3cedb8098b0 100644 --- a/2017/9xxx/CVE-2017-9762.json +++ b/2017/9xxx/CVE-2017-9762.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/issues/7726", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/issues/7726" - }, - { - "name" : "99140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/issues/7726", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/issues/7726" + }, + { + "name": "99140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99140" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0155.json b/2018/0xxx/CVE-2018-0155.json index 40156f653f1..7fdc7808398 100644 --- a/2018/0xxx/CVE-2018-0155.json +++ b/2018/0xxx/CVE-2018-0155.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-388" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05" - }, - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd" - }, - { - "name" : "103565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103565" - }, - { - "name" : "1040587", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. 
This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-388" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040587", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040587" + }, + { + "name": "103565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103565" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0269.json b/2018/0xxx/CVE-2018-0269.json index f2a90aefd22..737d925ddd8 100644 --- a/2018/0xxx/CVE-2018-0269.json +++ b/2018/0xxx/CVE-2018-0269.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco DNA Center", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco DNA Center" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco DNA Center", + "version": { + "version_data": [ + { + "version_value": "Cisco DNA Center" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1" - }, - { - "name" : "103950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1" + }, + { + "name": "103950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103950" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0820.json b/2018/0xxx/CVE-2018-0820.json index 2e212ecd287..a77ac70573d 100644 --- a/2018/0xxx/CVE-2018-0820.json +++ b/2018/0xxx/CVE-2018-0820.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2018-0820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows Kernel Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0843." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0820", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0820" - }, - { - "name" : "102945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102945" - }, - { - "name" : "1040373", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows Kernel Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0843." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0820", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0820" + }, + { + "name": "102945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102945" + }, + { + "name": "1040373", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040373" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0862.json b/2018/0xxx/CVE-2018-0862.json index 73c27134772..f7e83ac0234 100644 --- a/2018/0xxx/CVE-2018-0862.json +++ b/2018/0xxx/CVE-2018-0862.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-01-19T00:00:00", - "ID" : "CVE-2018-0862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Equation Editor", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-01-19T00:00:00", + "ID": "CVE-2018-0862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Equation Editor", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862" - }, - { - "name" : "102749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862" + }, + { + "name": "102749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102749" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000226.json b/2018/1000xxx/CVE-2018-1000226.json index 1d51ea676c0..ddf7d3817a0 100644 --- a/2018/1000xxx/CVE-2018-1000226.json +++ b/2018/1000xxx/CVE-2018-1000226.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-02T16:41:53.516803", - "DATE_REQUESTED" : "2018-08-02T16:12:25", - "ID" : "CVE-2018-1000226", - "REQUESTER" : "cvereports@movermeyer.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cobbler", - "version" : { - "version_data" : [ - { - "version_value" : "Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable" - } - ] - } - } - ] - }, - "vendor_name" : "Cobbler" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-02T16:41:53.516803", + "DATE_REQUESTED": "2018-08-02T16:12:25", + "ID": "CVE-2018-1000226", + "REQUESTER": "cvereports@movermeyer.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/", - "refsource" : "MISC", - "url" : "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/" - }, - { - "name" : "https://github.com/cobbler/cobbler/issues/1916", - "refsource" : "CONFIRM", - "url" : "https://github.com/cobbler/cobbler/issues/1916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/", + "refsource": "MISC", + "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/" + }, + { + "name": "https://github.com/cobbler/cobbler/issues/1916", + "refsource": "CONFIRM", + "url": "https://github.com/cobbler/cobbler/issues/1916" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19016.json b/2018/19xxx/CVE-2018-19016.json index 9820e8a8ffc..35c8e34eb8e 100644 --- a/2018/19xxx/CVE-2018-19016.json +++ b/2018/19xxx/CVE-2018-19016.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19016", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19016", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19120.json b/2018/19xxx/CVE-2018-19120.json index 993d4aa45db..6baac4b55ca 100644 --- a/2018/19xxx/CVE-2018-19120.json 
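Review bot: In CVE-2018-1000226.json the new side replaces `"product_name": "Cobbler"`, `"vendor_name": "Cobbler"` and the problemtype value `"Incorrect Access Control"` with `"n/a"`, so the product, the affected versions and the weakness class now survive only in the free-text description. Tooling that matches advisories on `affects` or `problemtype` will no longer associate this entry with Cobbler; unless the blanking is intentional, keep `"product_name": "Cobbler"`, `"vendor_name": "Cobbler"` and the original problemtype value. The `affects` block added for CVE-2018-19158.json further down has the same gap: every field is `"n/a"` although its description names ColossusCoinXT through 1.0.5. The ASSIGNER change to `cve@mitre.org` in this hunk may be deliberate, but the commit message does not explain it.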
+++ b/2018/19xxx/CVE-2018-19120.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649420", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649420" - }, - { - "name" : "FEDORA-2018-2e64407bef", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1649420", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649420" + }, + { + "name": "FEDORA-2018-2e64407bef", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19158.json b/2018/19xxx/CVE-2018-19158.json index 9f6db0b2734..02b637aff34 100644 --- a/2018/19xxx/CVE-2018-19158.json +++ b/2018/19xxx/CVE-2018-19158.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19158", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806", + "refsource": "MISC", + "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806" + }, + { + "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf", + "refsource": "MISC", + "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8", + "url": "https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8" } ] } diff --git a/2018/19xxx/CVE-2018-19480.json b/2018/19xxx/CVE-2018-19480.json index 599dbd9cfdc..139d9c8250b 100644 --- a/2018/19xxx/CVE-2018-19480.json +++ b/2018/19xxx/CVE-2018-19480.json 
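Review bot: CVE-2018-19158 is published with problemtype `"value": "n/a"` even though the description added in the same hunk states a remote denial of service caused by invalid headers/blocks being stored on the victim's disk; a value such as `"value": "Denial of Service"` would let consumers classify the entry without parsing the description. The three new reference objects also use two different key orders (`url`, `refsource`, `name` for the first two and `refsource`, `name`, `url` for the third), while the other records in this commit use `name`, `refsource`, `url`; key order carries no meaning in JSON, but a single order keeps later synchronisation diffs small. The second reference is a plain `http://` link to the preproceedings PDF, so it is worth checking whether an `https://` URL is available for it.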
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19480", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19480", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1286.json b/2018/1xxx/CVE-2018-1286.json index a664ef70ab9..fd4100ab2bc 100644 --- a/2018/1xxx/CVE-2018-1286.json +++ b/2018/1xxx/CVE-2018-1286.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-02-25T00:00:00", - "ID" : "CVE-2018-1286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache OpenMeetings", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0 - 4.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient Access Controls" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-02-25T00:00:00", + "ID": "CVE-2018-1286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache OpenMeetings", + "version": { + "version_data": [ + { + "version_value": "3.0.0 - 4.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[user] 20180225 [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected 
allowing an authenticated attacker to deny service for privileged users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Access Controls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[user] 20180225 [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1527.json b/2018/1xxx/CVE-2018-1527.json index e1a1def1dc4..c1d0cce8680 100644 --- a/2018/1xxx/CVE-2018-1527.json +++ b/2018/1xxx/CVE-2018-1527.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1527", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1527", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1686.json b/2018/1xxx/CVE-2018-1686.json index 880b19b0c0d..aaeffce0d50 100644 --- a/2018/1xxx/CVE-2018-1686.json 
+++ b/2018/1xxx/CVE-2018-1686.json 
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-03T00:00:00", - "ID" : "CVE-2018-1686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Maximo Asset Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.0" - }, - { - "version_value" : "7.6.0.1" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.6.2" - }, - { - "version_value" : "7.6.2.1" - }, - { - "version_value" : "7.6.2.2" - }, - { - "version_value" : "7.6.2.3" - }, - { - "version_value" : "7.6.2.4" - }, - { - "version_value" : "7.6.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-03T00:00:00", + "ID": "CVE-2018-1686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Maximo Asset Management", + "version": { + "version_data": [ + { + "version_value": "7.6" + }, + { + "version_value": "7.6.0" + }, + { + "version_value": "7.6.0.1" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.6.2" + }, + { + "version_value": "7.6.2.1" + }, + { + "version_value": "7.6.2.2" + }, + { + "version_value": "7.6.2.3" + }, + { + "version_value": "7.6.2.4" + }, + { + "version_value": "7.6.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10728865", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10728865" - }, - { - "name" : "ibm-maximo-cve20181686-xss(145505)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-maximo-cve20181686-xss(145505)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145505" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10728865", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728865" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4000.json b/2018/4xxx/CVE-2018-4000.json index fb92b7c2461..7e638b75bb6 100644 --- a/2018/4xxx/CVE-2018-4000.json +++ b/2018/4xxx/CVE-2018-4000.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-4000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlantis Word Processor", - "version" : { - "version_data" : [ - { - "version_value" : "3.2.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Atlantis Word Processor Team" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "double free code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-4000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlantis Word Processor", + "version": { + "version_data": [ + { + "version_value": "3.2.5.0" + } + ] + } + } + ] + }, + "vendor_name": "The Atlantis Word Processor Team" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "double free code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4129.json b/2018/4xxx/CVE-2018-4129.json index 6f30a97305a..f650b5fcc7a 100644 --- a/2018/4xxx/CVE-2018-4129.json +++ b/2018/4xxx/CVE-2018-4129.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208693", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208693" - }, - { - "name" : "https://support.apple.com/HT208694", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208694" - }, - { - "name" : "https://support.apple.com/HT208695", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208695" - }, - { - "name" : "https://support.apple.com/HT208696", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208696" - }, - { - "name" : "https://support.apple.com/HT208697", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208697" - }, - { - "name" : "https://support.apple.com/HT208698", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208698" - }, - { - "name" : "GLSA-201808-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-04" - }, - { - "name" : "USN-3635-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3635-1/" - }, - { - "name" : "1040604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. 
iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040604" + }, + { + "name": "https://support.apple.com/HT208698", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208698" + }, + { + "name": "GLSA-201808-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-04" + }, + { + "name": "https://support.apple.com/HT208696", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208696" + }, + { + "name": "https://support.apple.com/HT208693", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208693" + }, + { + "name": "https://support.apple.com/HT208694", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208694" + }, + { + "name": "https://support.apple.com/HT208697", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208697" + }, + { + "name": "USN-3635-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3635-1/" + }, + { + "name": "https://support.apple.com/HT208695", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208695" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4569.json b/2018/4xxx/CVE-2018-4569.json index 53161bc45c3..3ef06fd3a21 100644 --- a/2018/4xxx/CVE-2018-4569.json +++ b/2018/4xxx/CVE-2018-4569.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4569", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4569", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file