From 6eebba9a4dd6055acbccb8f96eb7c71e5d86cea2 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 23:48:15 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2008/0xxx/CVE-2008-0508.json | 190 +++++++++++++--------------
2008/0xxx/CVE-2008-0552.json | 170 ++++++++++++-------------
2008/0xxx/CVE-2008-0756.json | 170 ++++++++++++-------------
2008/0xxx/CVE-2008-0911.json | 140 ++++++++++----------
2008/1xxx/CVE-2008-1255.json | 140 ++++++++++----------
2008/1xxx/CVE-2008-1304.json | 180 +++++++++++++-------------
2008/1xxx/CVE-2008-1630.json | 160 +++++++++++------------
2008/5xxx/CVE-2008-5675.json | 160 +++++++++++------------
2008/5xxx/CVE-2008-5768.json | 150 +++++++++++-----------
2008/5xxx/CVE-2008-5872.json | 170 ++++++++++++-------------
2013/0xxx/CVE-2013-0144.json | 120 ++++++++---------
2013/0xxx/CVE-2013-0196.json | 34 ++---
2013/0xxx/CVE-2013-0690.json | 34 ++---
2013/0xxx/CVE-2013-0838.json | 140 ++++++++++----------
2013/3xxx/CVE-2013-3076.json | 180 +++++++++++++-------------
2013/3xxx/CVE-2013-3293.json | 34 ++---
2013/3xxx/CVE-2013-3740.json | 34 ++---
2013/4xxx/CVE-2013-4287.json | 200 ++++++++++++++---------------
2013/4xxx/CVE-2013-4392.json | 140 ++++++++++----------
2013/4xxx/CVE-2013-4434.json | 190 +++++++++++++--------------
2013/4xxx/CVE-2013-4556.json | 190 +++++++++++++--------------
2013/4xxx/CVE-2013-4811.json | 160 +++++++++++------------
2013/7xxx/CVE-2013-7122.json | 34 ++---
2013/7xxx/CVE-2013-7249.json | 170 ++++++++++++-------------
2013/7xxx/CVE-2013-7449.json | 160 +++++++++++------------
2017/10xxx/CVE-2017-10404.json | 140 ++++++++++----------
2017/10xxx/CVE-2017-10833.json | 130 +++++++++----------
2017/10xxx/CVE-2017-10967.json | 120 ++++++++---------
2017/12xxx/CVE-2017-12616.json | 212 +++++++++++++++----------------
2017/12xxx/CVE-2017-12763.json | 130 +++++++++----------
2017/12xxx/CVE-2017-12951.json | 130 +++++++++----------
2017/12xxx/CVE-2017-12979.json | 120 ++++++++---------
2017/13xxx/CVE-2017-13412.json | 34 ++---
2017/13xxx/CVE-2017-13555.json | 34 ++---
2017/13xxx/CVE-2017-13777.json | 160 +++++++++++------------
2017/16xxx/CVE-2017-16054.json | 122 +++++++++---------
2017/17xxx/CVE-2017-17265.json | 34 ++---
2017/17xxx/CVE-2017-17276.json | 34 ++---
2017/17xxx/CVE-2017-17576.json | 130 +++++++++----------
2018/18xxx/CVE-2018-18018.json | 34 ++---
2018/18xxx/CVE-2018-18211.json | 120 ++++++++---------
2018/18xxx/CVE-2018-18376.json | 120 ++++++++---------
2018/18xxx/CVE-2018-18629.json | 140 ++++++++++----------
2018/19xxx/CVE-2018-19121.json | 130 +++++++++----------
2018/19xxx/CVE-2018-19289.json | 120 ++++++++---------
2018/19xxx/CVE-2018-19333.json | 130 +++++++++----------
2018/19xxx/CVE-2018-19393.json | 130 +++++++++----------
2018/1xxx/CVE-2018-1076.json | 34 ++---
2018/1xxx/CVE-2018-1361.json | 158 +++++++++++------------
2018/1xxx/CVE-2018-1537.json | 34 ++---
2018/1xxx/CVE-2018-1605.json | 226 ++++++++++++++++-----------------
2018/1xxx/CVE-2018-1945.json | 220 ++++++++++++++++----------------
2018/5xxx/CVE-2018-5141.json | 162 +++++++++++------------
53 files changed, 3369 insertions(+), 3369 deletions(-)
diff --git a/2008/0xxx/CVE-2008-0508.json b/2008/0xxx/CVE-2008-0508.json
index 43e5e897bf4..7f25b78244a 100644
--- a/2008/0xxx/CVE-2008-0508.json
+++ b/2008/0xxx/CVE-2008-0508.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080122 XSRF under Deanâ??s Permalinks Migration 1.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486840/100/0/threaded" - }, - { - "name" : "http://g30rg3x.com/wp-files/dpm_11gx.zip", - "refsource" : "MISC", - "url" : "http://g30rg3x.com/wp-files/dpm_11gx.zip" - }, - { - "name" : "http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10", - "refsource" : "MISC", - "url" : "http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10" - }, - { - "name" : 
"http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt" - }, - { - "name" : "ADV-2008-0281", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0281" - }, - { - "name" : "28593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28593" - }, - { - "name" : "3595", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3595" - }, - { - "name" : "permalinks-deanpmconfig-csrf(39845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt" + }, + { + "name": "http://g30rg3x.com/wp-files/dpm_11gx.zip", + "refsource": "MISC", + "url": "http://g30rg3x.com/wp-files/dpm_11gx.zip" + }, + { + "name": "http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10", + "refsource": "MISC", + "url": "http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10" + }, + { + "name": "permalinks-deanpmconfig-csrf(39845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39845" + }, + { + "name": "ADV-2008-0281", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0281" + }, + { + "name": "20080122 XSRF under Deanâ??s Permalinks Migration 1.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486840/100/0/threaded" + }, + { + "name": "28593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28593" + }, + { + "name": "3595", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3595" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0552.json b/2008/0xxx/CVE-2008-0552.json index 4faa34c983c..4d44f75d032 100644 --- a/2008/0xxx/CVE-2008-0552.json +++ b/2008/0xxx/CVE-2008-0552.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080127 eTicket 'index.php' Cross Site Scripting Path Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487133/100/0/threaded" - }, - { - "name" : "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt", - "refsource" : "MISC", - "url" : "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt" - }, - { - "name" : "27473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27473" - }, - { - "name" : "1019278", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019278" - }, - { - "name" : "3601", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3601" - }, - { - "name" : "eticket-index-xss(39968)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "eticket-index-xss(39968)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39968" + }, + { + "name": "27473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27473" + }, + { + "name": "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt", + "refsource": "MISC", + "url": "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt" + }, + { + "name": "1019278", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019278" + }, + { + "name": "20080127 eTicket 'index.php' Cross Site Scripting Path Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487133/100/0/threaded" + }, + { + "name": "3601", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3601" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0756.json b/2008/0xxx/CVE-2008-0756.json index a597e09998e..c5386c82109 100644 --- a/2008/0xxx/CVE-2008-0756.json +++ b/2008/0xxx/CVE-2008-0756.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a connection that begins with (1) a \"Send queue state\" LPD command 3 or (2) a \"Send queue state\" LPD command 4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080211 Format string and DoS in Opium OPI and cyanPrintIP servers 4.10.x", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487955/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/cyanuro-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/cyanuro-adv.txt" - }, - { - "name" : "27728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27728" - }, - { - "name" : "27734", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/27734" - }, - { - "name" : "ADV-2008-0498", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0498" - }, - { - "name" : "28870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a connection that begins with (1) a \"Send queue state\" LPD command 3 or (2) a \"Send queue state\" LPD command 4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0498", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0498" + }, + { + "name": "20080211 Format string and DoS in Opium OPI and cyanPrintIP servers 4.10.x", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487955/100/0/threaded" + }, + { + "name": "28870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28870" + }, + { + "name": "27728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27728" + }, + { + "name": "27734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27734" + }, + { + "name": "http://aluigi.altervista.org/adv/cyanuro-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/cyanuro-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0911.json b/2008/0xxx/CVE-2008-0911.json index 5eff57b8362..aa7eeb94fe5 100644 --- a/2008/0xxx/CVE-2008-0911.json 
+++ b/2008/0xxx/CVE-2008-0911.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5166", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5166" - }, - { - "name" : "27916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27916" - }, - { - "name" : "29018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27916" + }, + { + "name": "5166", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5166" + }, + { + "name": "29018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29018" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1255.json b/2008/1xxx/CVE-2008-1255.json index adc65107715..d1d0c2fd1e0 100644 --- a/2008/1xxx/CVE-2008-1255.json +++ b/2008/1xxx/CVE-2008-1255.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "zyxel-p660hw-ip-authentication-bypass(41114)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ZyXEL P-660HW series router maintains 
authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "zyxel-p660hw-ip-authentication-bypass(41114)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41114" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1304.json b/2008/1xxx/CVE-2008-1304.json index e99422a9774..ce3ff4a42e6 100644 --- a/2008/1xxx/CVE-2008-1304.json +++ b/2008/1xxx/CVE-2008-1304.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080307 WordPress Multiple Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489241/100/0/threaded" - }, - { - "name" : "http://www.hackerscenter.com/index.php?/Latest-posts/114-WordPress-Multiple-Cross-Site-Scripting-Vulnerabilities.html?id=114", - "refsource" : "MISC", - "url" : "http://www.hackerscenter.com/index.php?/Latest-posts/114-WordPress-Multiple-Cross-Site-Scripting-Vulnerabilities.html?id=114" - }, - { - "name" : "28139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28139" - }, - { - "name" : "1019564", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1019564" - }, - { - "name" : "3732", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3732" - }, - { - "name" : "wordpress-invites-xss(41056)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41056" - }, - { - "name" : "wordpress-users-xss(41055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080307 WordPress Multiple Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489241/100/0/threaded" + }, + { + "name": "http://www.hackerscenter.com/index.php?/Latest-posts/114-WordPress-Multiple-Cross-Site-Scripting-Vulnerabilities.html?id=114", + "refsource": "MISC", + "url": "http://www.hackerscenter.com/index.php?/Latest-posts/114-WordPress-Multiple-Cross-Site-Scripting-Vulnerabilities.html?id=114" + }, + { + "name": "wordpress-users-xss(41055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41055" + }, + { + "name": "wordpress-invites-xss(41056)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41056" + }, + { + "name": "28139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28139" + }, + { + "name": "3732", + "refsource": "SREASON", + "url": 
"http://securityreason.com/securityalert/3732" + }, + { + "name": "1019564", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019564" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1630.json b/2008/1xxx/CVE-2008-1630.json index 3054a90d93d..ac305e0c115 100644 --- a/2008/1xxx/CVE-2008-1630.json +++ b/2008/1xxx/CVE-2008-1630.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080329 CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490305/100/0/threaded" - }, - { - "name" : "28500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28500" - }, - { - "name" : "29612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29612" - }, - { - "name" : "3792", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3792" - }, - { - "name" : "cuteflow-language-xss(41537)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3792", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3792" + }, + { + "name": "28500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28500" + }, + { + "name": "29612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29612" + }, + { + "name": "20080329 CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490305/100/0/threaded" + }, + { + "name": "cuteflow-language-xss(41537)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41537" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5675.json b/2008/5xxx/CVE-2008-5675.json index f3b36cb7527..42965ed4e16 100644 --- a/2008/5xxx/CVE-2008-5675.json +++ b/2008/5xxx/CVE-2008-5675.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to \"Access problems with BasicAuthTAI.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007603", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007603" - }, - { - "name" : "PK75304", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK75304" - }, - { - "name" : "ADV-2008-3427", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3427" - }, - { - "name" : "50720", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/50720" - }, - { - "name" : "33132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to \"Access problems with BasicAuthTAI.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33132" + }, + { + "name": "PK75304", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK75304" + }, + { + "name": "50720", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/50720" + }, + { + "name": "ADV-2008-3427", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3427" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007603", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007603" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5768.json b/2008/5xxx/CVE-2008-5768.json index 24b2f112f7e..1194e245fc7 100644 --- a/2008/5xxx/CVE-2008-5768.json +++ b/2008/5xxx/CVE-2008-5768.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7479", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7479" - }, - { - "name" : "32848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32848" - }, - { - "name" : "4854", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4854" - }, - { - "name" : "amevents-print-sql-injection(47360)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to 
execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4854", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4854" + }, + { + "name": "amevents-print-sql-injection(47360)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47360" + }, + { + "name": "32848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32848" + }, + { + "name": "7479", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7479" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5872.json b/2008/5xxx/CVE-2008-5872.json index 6df8240e1c8..a9418b7e335 100644 --- a/2008/5xxx/CVE-2008-5872.json +++ b/2008/5xxx/CVE-2008-5872.json 
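Review bot: The `reference_data` entries are reordered with no sort key apparent from the hunk: the old side lists EXPLOIT-DB, BID, SREASON, XF and the new side lists SREASON, XF, BID, EXPLOIT-DB. JSON arrays are ordered, so this reads as a content change even though no reference is added or removed, and the churn hides real edits from anyone auditing the feed by diff. Emitting the array in a stable order, for example sorted by `refsource` then `name`, would keep synchronisation commits reviewable. The CVE-2008-5675, CVE-2008-5872, CVE-2013-0838, CVE-2013-3076, CVE-2013-4287, CVE-2013-4392 and CVE-2013-4434 hunks reorder their references in the same way.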
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://voipshield.com/research-details.php?id=120", - "refsource" : "MISC", - "url" : "http://voipshield.com/research-details.php?id=120" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=774845", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=774845" - }, - { - "name" : "31633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31633" - }, - { - "name" : "ADV-2008-2779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2779" - }, - { - "name" : "32203", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32203" - }, - { - "name" : "nortel-mcs-5100-uftp-dos(45751)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=774845", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=774845" + }, + { + "name": "nortel-mcs-5100-uftp-dos(45751)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45751" + }, + { + "name": "32203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32203" + }, + { + "name": "ADV-2008-2779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2779" + }, + { + "name": "http://voipshield.com/research-details.php?id=120", + "refsource": "MISC", + "url": "http://voipshield.com/research-details.php?id=120" + }, + { + "name": "31633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31633" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0144.json b/2013/0xxx/CVE-2013-0144.json index 8a981a5ebeb..bb37afa6267 100644 --- a/2013/0xxx/CVE-2013-0144.json +++ b/2013/0xxx/CVE-2013-0144.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-0144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#927644", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/927644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#927644", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/927644" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0196.json b/2013/0xxx/CVE-2013-0196.json index 2e652b2a615..5c914f5e268 100644 --- a/2013/0xxx/CVE-2013-0196.json +++ b/2013/0xxx/CVE-2013-0196.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0196", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0196", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0690.json b/2013/0xxx/CVE-2013-0690.json index 0c829118349..94eb42a099d 100644 --- a/2013/0xxx/CVE-2013-0690.json +++ b/2013/0xxx/CVE-2013-0690.json 
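Review bot: `ASSIGNER` changes from `cve@mitre.org` to `cert@cert.org` in the CVE-2013-0144 record, and it is the only semantic edit in a hunk that otherwise changes only whitespace. Consumers that attribute, filter or weight records by assigning CNA will see the record's provenance change with no stated reason. `vendor_name` and `product_name` remain `n/a`, so the new assigner is the only vendor hint in the record. The attribution change should be named in the commit message or committed separately from the reformatting, so it can be audited on its own. The same kind of change appears in CVE-2013-0838 (`security@google.com`), in CVE-2013-4287, CVE-2013-4392 and CVE-2013-4434, and at the start of the CVE-2013-4556 hunk (all `secalert@redhat.com`).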
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0690", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0690", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0838.json b/2013/0xxx/CVE-2013-0838.json index f5f3f8f93e6..e94b779b24d 100644 --- a/2013/0xxx/CVE-2013-0838.json +++ b/2013/0xxx/CVE-2013-0838.json 
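Review bot: The CVE-2013-0690 record is written with a different key order from the other records shown here: `data_type`, `data_format` and `data_version` now precede `CVE_data_meta`, and `ID` precedes `ASSIGNER`, while the neighbouring files keep their keys alphabetically sorted. Key order carries no meaning in JSON, but the difference suggests this file went through another serializer path, and it defeats byte-level comparison or hashing of a record whose values are unchanged. Serialising with sorted keys, as the other files do, would put `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` inside it.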
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=143859", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=143859" - }, - { - "name" : "openSUSE-SU-2013:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory 
segments, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=143859", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=143859" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3076.json b/2013/3xxx/CVE-2013-3076.json index 64adb1af29d..e9ad3ea37cd 100644 --- a/2013/3xxx/CVE-2013-3076.json +++ b/2013/3xxx/CVE-2013-3076.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/14/3" - }, - { - "name" : "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe" - }, - { - "name" : "FEDORA-2013-6537", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html" - }, - { - "name" : 
"FEDORA-2013-6999", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html" - }, - { - "name" : "openSUSE-SU-2013:1187", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" - }, - { - "name" : "SUSE-SU-2013:1182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html" - }, - { - "name" : "USN-1837-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1837-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1187", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" + }, + { + "name": "FEDORA-2013-6537", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html" + }, + { + "name": "FEDORA-2013-6999", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html" + }, + { + "name": "USN-1837-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1837-1" + }, + { + "name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/14/3" + }, + { + "name": "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe" + }, + { + "name": "SUSE-SU-2013:1182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3293.json b/2013/3xxx/CVE-2013-3293.json index 799b7c90742..b930800b847 100644 --- a/2013/3xxx/CVE-2013-3293.json +++ b/2013/3xxx/CVE-2013-3293.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3293", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3293", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3740.json b/2013/3xxx/CVE-2013-3740.json index b6f0055a4cc..c0b452c2b85 100644 --- a/2013/3xxx/CVE-2013-3740.json +++ b/2013/3xxx/CVE-2013-3740.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3740", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3740", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4287.json b/2013/4xxx/CVE-2013-4287.json index 155cf2b0365..6007a8bd507 100644 --- a/2013/4xxx/CVE-2013-4287.json +++ b/2013/4xxx/CVE-2013-4287.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130909 CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/10/1" - }, - { - "name" : "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html", - "refsource" : "CONFIRM", - "url" : "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html" - }, - { - "name" : "https://puppet.com/security/cve/cve-2013-4287", - "refsource" : "CONFIRM", - "url" : 
"https://puppet.com/security/cve/cve-2013-4287" - }, - { - "name" : "RHSA-2013:1427", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1427.html" - }, - { - "name" : "RHSA-2013:1441", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1441.html" - }, - { - "name" : "RHSA-2013:1523", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1523.html" - }, - { - "name" : "RHSA-2013:1852", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1852.html" - }, - { - "name" : "RHSA-2014:0207", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0207.html" - }, - { - "name" : "55381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130909 CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/10/1" + }, + { + "name": "55381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55381" + }, + { + "name": "RHSA-2013:1523", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1523.html" + }, + { + "name": "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html", + "refsource": "CONFIRM", + "url": "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html" + }, + { + "name": "https://puppet.com/security/cve/cve-2013-4287", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2013-4287" + }, + { + "name": "RHSA-2013:1427", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1427.html" + }, + { + "name": "RHSA-2013:1852", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html" + }, + { + "name": "RHSA-2013:1441", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html" + }, + { + "name": "RHSA-2014:0207", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0207.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4392.json b/2013/4xxx/CVE-2013-4392.json index 19e0cc18792..f3d61f4d880 100644 --- a/2013/4xxx/CVE-2013-4392.json +++ b/2013/4xxx/CVE-2013-4392.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131001 Re: [CVE request] systemd", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/01/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=859060", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "systemd, when updating file permissions, allows local users to change the permissions 
and SELinux security contexts for arbitrary files via a symlink attack on unspecified files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=859060", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357" + }, + { + "name": "[oss-security] 20131001 Re: [CVE request] systemd", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/01/9" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4434.json b/2013/4xxx/CVE-2013-4434.json index 3da441a60c9..3c7bc47ebc9 100644 --- a/2013/4xxx/CVE-2013-4434.json +++ b/2013/4xxx/CVE-2013-4434.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131015 Re: CVE Request: dropbear sshd daemon 2013.59 release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/16/11" - }, - { - "name" : "https://matt.ucc.asn.au/dropbear/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://matt.ucc.asn.au/dropbear/CHANGES" - }, - { - "name" : "https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a", - "refsource" : "CONFIRM", - "url" : "https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a" - }, - { - "name" : "https://support.citrix.com/article/CTX216642", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX216642" - }, - { - "name" : "openSUSE-SU-2013:1616", - "refsource" : 
"SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html" - }, - { - "name" : "openSUSE-SU-2013:1696", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html" - }, - { - "name" : "62993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62993" - }, - { - "name" : "55173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55173" + }, + { + "name": "https://matt.ucc.asn.au/dropbear/CHANGES", + "refsource": "CONFIRM", + "url": "https://matt.ucc.asn.au/dropbear/CHANGES" + }, + { + "name": "62993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62993" + }, + { + "name": "[oss-security] 20131015 Re: CVE Request: dropbear sshd daemon 2013.59 release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/16/11" + }, + { + "name": "openSUSE-SU-2013:1696", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html" + }, + { + "name": "https://support.citrix.com/article/CTX216642", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX216642" + }, + { + "name": "openSUSE-SU-2013:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html" + }, + { + "name": 
"https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a", + "refsource": "CONFIRM", + "url": "https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4556.json b/2013/4xxx/CVE-2013-4556.json index fe7701447de..fbfe8b2215a 100644 --- a/2013/4xxx/CVE-2013-4556.json +++ b/2013/4xxx/CVE-2013-4556.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/10/4" - }, - { - "name" : "http://core.spip.org/projects/spip/repository/revisions/20879", - "refsource" : "CONFIRM", - "url" : "http://core.spip.org/projects/spip/repository/revisions/20879" - }, - { - "name" : "http://core.spip.org/projects/spip/repository/revisions/20880", - "refsource" : "CONFIRM", - "url" : "http://core.spip.org/projects/spip/repository/revisions/20880" - }, - { - "name" : "http://www.spip.net/fr_article5646.html", - "refsource" : "CONFIRM", - "url" : "http://www.spip.net/fr_article5646.html" - }, 
- { - "name" : "http://www.spip.net/fr_article5648.html", - "refsource" : "CONFIRM", - "url" : "http://www.spip.net/fr_article5648.html" - }, - { - "name" : "DSA-2794", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2013/dsa-2794" - }, - { - "name" : "1029317", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029317" - }, - { - "name" : "55551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2794", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2013/dsa-2794" + }, + { + "name": "http://core.spip.org/projects/spip/repository/revisions/20880", + "refsource": "CONFIRM", + "url": "http://core.spip.org/projects/spip/repository/revisions/20880" + }, + { + "name": "http://www.spip.net/fr_article5646.html", + "refsource": "CONFIRM", + "url": "http://www.spip.net/fr_article5646.html" + }, + { + "name": "1029317", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029317" + }, + { + "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4" + }, + { + "name": "55551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55551" + }, + { + "name": "http://www.spip.net/fr_article5648.html", + "refsource": "CONFIRM", + "url": 
"http://www.spip.net/fr_article5648.html" + }, + { + "name": "http://core.spip.org/projects/spip/repository/revisions/20879", + "refsource": "CONFIRM", + "url": "http://core.spip.org/projects/spip/repository/revisions/20879" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4811.json b/2013/4xxx/CVE-2013-4811.json index 2e3ec6e3bfe..03f511b2b7e 100644 --- a/2013/4xxx/CVE-2013-4811.json +++ b/2013/4xxx/CVE-2013-4811.json 
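Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and the commit subject "-Synchronized-Data." gives no indication of it. The change sits inside a whole-file rewrite (the space before each colon is removed and the `reference_data` entries are reordered), so a consumer who tracks CNA attribution has to compare field by field to find it. The CVE-2013-4811 hunk does the same with `hp-security-alert@hp.com`. I would either commit the attribution changes separately from the reformatting or name them in the message, for example `Update ASSIGNER for CVE-2013-4556 and CVE-2013-4811; normalize JSON formatting`.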
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-13-226/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-13-226/" - }, - { - "name" : "HPSBPV02918", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409" - }, - { - "name" : "SSRT101116", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409" - }, - { - "name" : "1029010", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1029010" - }, - { - "name" : "54788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBPV02918", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409" + }, + { + "name": "SSRT101116", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409" + }, + { + "name": "1029010", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029010" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-13-226/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-13-226/" + }, + { + "name": "54788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54788" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7122.json b/2013/7xxx/CVE-2013-7122.json index 4ac2f2c7c3c..7df67704ec3 100644 --- a/2013/7xxx/CVE-2013-7122.json +++ b/2013/7xxx/CVE-2013-7122.json 
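Review bot: The new side of this file ends with `+}` followed by `\ No newline at end of file`, while the removed `-}` line had a final newline. The other file sections in this part of the patch (CVE-2013-4556, CVE-2013-7122, CVE-2013-7249, CVE-2013-7449 and the 2017 records) end the same way. Files kept in version control should end with a newline, so that concatenating tools behave and a later append does not show the last line as modified. The writer should emit a trailing `\n` after the closing brace.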
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7122", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-7122", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7249.json b/2013/7xxx/CVE-2013-7249.json index ceb602d7db5..733cc208ec6 100644 --- a/2013/7xxx/CVE-2013-7249.json +++ b/2013/7xxx/CVE-2013-7249.json 
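Review bot: The rewritten REJECT record emits its keys in a different order from the other records in this patch: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`. The CVE-2013-4811 and CVE-2013-7249 sections keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. JSON key order carries no meaning, but it looks as if two different serializers wrote these files, and anything that hashes or textually diffs records to detect changes will report churn where no data changed. Writing every record through one serializer with a fixed key order (sorted, for example) would keep later synchronisation diffs limited to real data changes.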
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131224 Happy Holidays / Xmas Advisory", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Dec/199" - }, - { - "name" : "[oss-security] 20131228 Re: CVE request: Fat Free CRM multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/12/28/2" - }, - { - "name" : "http://www.phenoelit.org/stuff/ffcrm.txt", - "refsource" : "MISC", - "url" : "http://www.phenoelit.org/stuff/ffcrm.txt" - }, - { - "name" : "https://github.com/fatfreecrm/fat_free_crm/commit/cf26a04b356ad2161c4c6160260eb870a3de5328", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/fatfreecrm/fat_free_crm/commit/cf26a04b356ad2161c4c6160260eb870a3de5328" - }, - { - "name" : "https://github.com/fatfreecrm/fat_free_crm/issues/300", - "refsource" : "CONFIRM", - "url" : "https://github.com/fatfreecrm/fat_free_crm/issues/300" - }, - { - "name" : "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29", - "refsource" : "CONFIRM", - "url" : "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131224 Happy Holidays / Xmas Advisory", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Dec/199" + }, + { + "name": "[oss-security] 20131228 Re: CVE request: Fat Free CRM multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/12/28/2" + }, + { + "name": "http://www.phenoelit.org/stuff/ffcrm.txt", + "refsource": "MISC", + "url": "http://www.phenoelit.org/stuff/ffcrm.txt" + }, + { + "name": "https://github.com/fatfreecrm/fat_free_crm/commit/cf26a04b356ad2161c4c6160260eb870a3de5328", + "refsource": "CONFIRM", + "url": "https://github.com/fatfreecrm/fat_free_crm/commit/cf26a04b356ad2161c4c6160260eb870a3de5328" + }, + { + "name": "https://github.com/fatfreecrm/fat_free_crm/issues/300", + "refsource": "CONFIRM", + "url": "https://github.com/fatfreecrm/fat_free_crm/issues/300" + }, 
+ { + "name": "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29", + "refsource": "CONFIRM", + "url": "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7449.json b/2013/7xxx/CVE-2013-7449.json index c86e9358b59..637275950f9 100644 --- a/2013/7xxx/CVE-2013-7449.json +++ b/2013/7xxx/CVE-2013-7449.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hexchat.readthedocs.org/en/latest/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://hexchat.readthedocs.org/en/latest/changelog.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1081839", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1081839" - }, - { - "name" : "https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d", - "refsource" : "CONFIRM", - "url" : "https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d" - }, - { - "name" : "https://github.com/hexchat/hexchat/issues/524", - "refsource" : "CONFIRM", - 
"url" : "https://github.com/hexchat/hexchat/issues/524" - }, - { - "name" : "USN-2945-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2945-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d", + "refsource": "CONFIRM", + "url": "https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d" + }, + { + "name": "USN-2945-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2945-1" + }, + { + "name": "https://github.com/hexchat/hexchat/issues/524", + "refsource": "CONFIRM", + "url": "https://github.com/hexchat/hexchat/issues/524" + }, + { + "name": "http://hexchat.readthedocs.org/en/latest/changelog.html", + "refsource": "CONFIRM", + "url": "http://hexchat.readthedocs.org/en/latest/changelog.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1081839", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1081839" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10404.json b/2017/10xxx/CVE-2017-10404.json index 1600f978fb5..785e6ff3fac 100644 --- a/2017/10xxx/CVE-2017-10404.json +++ b/2017/10xxx/CVE-2017-10404.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Reporting and Analytics", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.1" - }, - { - "version_affected" : "=", - "version_value" : "9.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.1" + }, + { + "version_affected": "=", + "version_value": "9.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101403" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10833.json b/2017/10xxx/CVE-2017-10833.json index 551e1cf1926..39310a3dbbf 100644 --- a/2017/10xxx/CVE-2017-10833.json +++ b/2017/10xxx/CVE-2017-10833.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "\"Dokodemo eye Smart HD\" SCR02HD", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware 1.0.3.1000 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "NIPPON ANTENNA Co., Ltd" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "\"Dokodemo eye Smart HD\" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to restrict access" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "\"Dokodemo eye Smart HD\" SCR02HD", + "version": { + "version_data": [ + { + "version_value": "Firmware 1.0.3.1000 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NIPPON ANTENNA Co., Ltd" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf", - "refsource" : "MISC", - "url" : "http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf" - }, - { - "name" : "JVN#87410770", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN87410770/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "\"Dokodemo eye Smart HD\" SCR02HD Firmware 1.0.3.1000 and earlier 
allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf", + "refsource": "MISC", + "url": "http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf" + }, + { + "name": "JVN#87410770", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN87410770/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10967.json b/2017/10xxx/CVE-2017-10967.json index af04ed9c585..08a5c2281e5 100644 --- a/2017/10xxx/CVE-2017-10967.json +++ b/2017/10xxx/CVE-2017-10967.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FineCMS before 2017-07-06, application\\core\\controller\\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/andrzuk/FineCMS/pull/9", - "refsource" : "CONFIRM", - "url" : "https://github.com/andrzuk/FineCMS/pull/9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FineCMS before 2017-07-06, application\\core\\controller\\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/andrzuk/FineCMS/pull/9", + "refsource": "CONFIRM", + "url": "https://github.com/andrzuk/FineCMS/pull/9" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12616.json b/2017/12xxx/CVE-2017-12616.json index ba7049acc48..742856295c2 100644 --- a/2017/12xxx/CVE-2017-12616.json +++ b/2017/12xxx/CVE-2017-12616.json 
@@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-09-19T00:00:00", - "ID" : "CVE-2017-12616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Tomcat", - "version" : { - "version_data" : [ - { - "version_value" : "7.0.0 to 7.0.80" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-09-19T00:00:00", + "ID": "CVE-2017-12616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_value": "7.0.0 to 7.0.80" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20170919 [SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6@%3Cannounce.tomcat.apache.org%3E" - }, - { - "name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html" - }, - { - "name" : 
"https://security.netapp.com/advisory/ntap-20171018-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171018-0001/" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us" - }, - { - "name" : "RHSA-2018:0465", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0465" - }, - { - "name" : "RHSA-2018:0466", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0466" - }, - { - "name" : "USN-3665-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3665-1/" - }, - { - "name" : "100897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100897" - }, - { - "name" : "1039393", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039393", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039393" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat" + }, + { + "name": "RHSA-2018:0465", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0465" + }, + { + "name": "USN-3665-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3665-1/" + }, + { + "name": "100897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100897" + }, + { + "name": "RHSA-2018:0466", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0466" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171018-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171018-0001/" + }, + { + "name": "[announce] 20170919 [SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6@%3Cannounce.tomcat.apache.org%3E" + }, + { + "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12763.json b/2017/12xxx/CVE-2017-12763.json index ad07adaa33f..86b9427165a 100644 
--- a/2017/12xxx/CVE-2017-12763.json +++ b/2017/12xxx/CVE-2017-12763.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.nomachine.com/SU08O00185", - "refsource" : "CONFIRM", - "url" : "https://www.nomachine.com/SU08O00185" - }, - { - "name" : "https://www.nomachine.com/forums/topic/security-advisory-nomachine-privileges-escalation-vulnerability", - "refsource" : "CONFIRM", - "url" : "https://www.nomachine.com/forums/topic/security-advisory-nomachine-privileges-escalation-vulnerability" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.nomachine.com/SU08O00185", + "refsource": "CONFIRM", + "url": "https://www.nomachine.com/SU08O00185" + }, + { + "name": "https://www.nomachine.com/forums/topic/security-advisory-nomachine-privileges-escalation-vulnerability", + "refsource": "CONFIRM", + "url": "https://www.nomachine.com/forums/topic/security-advisory-nomachine-privileges-escalation-vulnerability" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12951.json b/2017/12xxx/CVE-2017-12951.json index ef2b1f60a1c..8cfa747cf11 100644 --- a/2017/12xxx/CVE-2017-12951.json +++ b/2017/12xxx/CVE-2017-12951.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42546", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42546/" - }, - { - "name" : "20170822 libgig-LinuxSampler multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Aug/39" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170822 libgig-LinuxSampler multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Aug/39" + }, + { + "name": "42546", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42546/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12979.json b/2017/12xxx/CVE-2017-12979.json index fd7a342e86f..1171c9cec03 100644 --- a/2017/12xxx/CVE-2017-12979.json +++ b/2017/12xxx/CVE-2017-12979.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/splitbrain/dokuwiki/issues/2080", - "refsource" : "CONFIRM", - "url" : "https://github.com/splitbrain/dokuwiki/issues/2080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/splitbrain/dokuwiki/issues/2080", + "refsource": "CONFIRM", + "url": "https://github.com/splitbrain/dokuwiki/issues/2080" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13412.json b/2017/13xxx/CVE-2017-13412.json index ed701567b25..8eed5c1d977 100644 --- a/2017/13xxx/CVE-2017-13412.json +++ b/2017/13xxx/CVE-2017-13412.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13412", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13412", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13555.json b/2017/13xxx/CVE-2017-13555.json index acc97877608..c4f9194f905 100644 --- a/2017/13xxx/CVE-2017-13555.json +++ b/2017/13xxx/CVE-2017-13555.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13555", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13555", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13777.json b/2017/13xxx/CVE-2017-13777.json index c924c14d446..41b89e7ccf2 100644 --- a/2017/13xxx/CVE-2017-13777.json +++ b/2017/13xxx/CVE-2017-13777.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c \"Read hex image data\" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" - }, - { - "name" : "http://openwall.com/lists/oss-security/2017/08/31/1", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/08/31/1" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "100575", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c \"Read hex image data\" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100575", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100575" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/08/31/1", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/08/31/1" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16054.json b/2017/16xxx/CVE-2017-16054.json index 9fc192f1b2a..10ac07d61e4 100644 --- a/2017/16xxx/CVE-2017-16054.json +++ b/2017/16xxx/CVE-2017-16054.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nodefabric node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "`nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedded Malicious Code (CWE-506)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nodefabric node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/488", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "`nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedded Malicious Code (CWE-506)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/488", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/488" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17265.json b/2017/17xxx/CVE-2017-17265.json index fc121210cdc..e8475a31657 100644 --- a/2017/17xxx/CVE-2017-17265.json +++ b/2017/17xxx/CVE-2017-17265.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17265", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17265", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17276.json b/2017/17xxx/CVE-2017-17276.json index f8dd2dfa7c7..95b0f9116c9 100644 --- a/2017/17xxx/CVE-2017-17276.json +++ b/2017/17xxx/CVE-2017-17276.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17276", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17276", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17576.json b/2017/17xxx/CVE-2017-17576.json index b758852e7b9..4d4234a95d1 100644 --- a/2017/17xxx/CVE-2017-17576.json +++ b/2017/17xxx/CVE-2017-17576.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43254", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43254/" - }, - { - "name" : "https://packetstormsecurity.com/files/145316/FS-Gigs-Script-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145316/FS-Gigs-Script-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43254", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43254/" + }, + { + "name": "https://packetstormsecurity.com/files/145316/FS-Gigs-Script-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145316/FS-Gigs-Script-1.0-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18018.json b/2018/18xxx/CVE-2018-18018.json index ffd1dcf92f3..0b0d5bd9481 100644 --- a/2018/18xxx/CVE-2018-18018.json +++ b/2018/18xxx/CVE-2018-18018.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18018", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18018", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18211.json b/2018/18xxx/CVE-2018-18211.json index 529d4d5239f..2e2374f4b13 100644 --- a/2018/18xxx/CVE-2018-18211.json +++ b/2018/18xxx/CVE-2018-18211.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Pbootcms/Pbootcms/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/Pbootcms/Pbootcms/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Pbootcms/Pbootcms/issues/1", + "refsource": "MISC", + "url": "https://github.com/Pbootcms/Pbootcms/issues/1" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/18xxx/CVE-2018-18376.json b/2018/18xxx/CVE-2018-18376.json
index ab85489a0c7..841e30528a2 100644
--- a/2018/18xxx/CVE-2018-18376.json
+++ b/2018/18xxx/CVE-2018-18376.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/remix30303/AirboxLeak", - "refsource" : "MISC", - "url" : "https://github.com/remix30303/AirboxLeak" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/remix30303/AirboxLeak", + "refsource": "MISC", + "url": "https://github.com/remix30303/AirboxLeak" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18629.json b/2018/18xxx/CVE-2018-18629.json index 34536b0ab5f..e279d3cee2d 100644 --- a/2018/18xxx/CVE-2018-18629.json +++ b/2018/18xxx/CVE-2018-18629.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/426944", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/426944" - }, - { - "name" : "https://blog.mirch.io/2018/12/21/cve-2018-18629-keybase-linux-privilege-escalation/", - "refsource" : "MISC", - "url" : "https://blog.mirch.io/2018/12/21/cve-2018-18629-keybase-linux-privilege-escalation/" - }, - { - "name" : "https://keybase.io/docs/secadv/kb002", - "refsource" : "CONFIRM", - "url" : "https://keybase.io/docs/secadv/kb002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue 
was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://keybase.io/docs/secadv/kb002", + "refsource": "CONFIRM", + "url": "https://keybase.io/docs/secadv/kb002" + }, + { + "name": "https://blog.mirch.io/2018/12/21/cve-2018-18629-keybase-linux-privilege-escalation/", + "refsource": "MISC", + "url": "https://blog.mirch.io/2018/12/21/cve-2018-18629-keybase-linux-privilege-escalation/" + }, + { + "name": "https://hackerone.com/reports/426944", + "refsource": "MISC", + "url": "https://hackerone.com/reports/426944" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19121.json b/2018/19xxx/CVE-2018-19121.json index e7aeac8c1cc..35268d75115 100644 --- a/2018/19xxx/CVE-2018-19121.json +++ b/2018/19xxx/CVE-2018-19121.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-ethernet_receivepacket", - "refsource" : "MISC", - "url" : "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-ethernet_receivepacket" - }, - { - "name" : "https://github.com/mz-automation/libiec61850/issues/85", - "refsource" : "MISC", - "url" : "https://github.com/mz-automation/libiec61850/issues/85" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-ethernet_receivepacket", + "refsource": "MISC", + "url": "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-ethernet_receivepacket" + }, + { + "name": "https://github.com/mz-automation/libiec61850/issues/85", + "refsource": "MISC", + "url": "https://github.com/mz-automation/libiec61850/issues/85" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19289.json b/2018/19xxx/CVE-2018-19289.json index 9e8e3a7e7cf..63edf54f53b 100644 --- a/2018/19xxx/CVE-2018-19289.json +++ b/2018/19xxx/CVE-2018-19289.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/xCss/Valine/issues/127", - "refsource" : "MISC", - "url" : "https://github.com/xCss/Valine/issues/127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/xCss/Valine/issues/127", + "refsource": "MISC", + "url": "https://github.com/xCss/Valine/issues/127" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19333.json b/2018/19xxx/CVE-2018-19333.json index b3624aa4d63..c234aa4daf9 100644 --- a/2018/19xxx/CVE-2018-19333.json +++ b/2018/19xxx/CVE-2018-19333.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/google/gvisor/commit/0e277a39c8b6f905e289b75e8ad0594e6b3562ca", - "refsource" : "MISC", - "url" : "https://github.com/google/gvisor/commit/0e277a39c8b6f905e289b75e8ad0594e6b3562ca" - }, - { - "name" : "https://justi.cz/security/2018/11/14/gvisor-lpe.html", - "refsource" : "MISC", - "url" : "https://justi.cz/security/2018/11/14/gvisor-lpe.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running 
as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://justi.cz/security/2018/11/14/gvisor-lpe.html", + "refsource": "MISC", + "url": "https://justi.cz/security/2018/11/14/gvisor-lpe.html" + }, + { + "name": "https://github.com/google/gvisor/commit/0e277a39c8b6f905e289b75e8ad0594e6b3562ca", + "refsource": "MISC", + "url": "https://github.com/google/gvisor/commit/0e277a39c8b6f905e289b75e8ad0594e6b3562ca" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19393.json b/2018/19xxx/CVE-2018-19393.json index 0cd1854cfc7..640a0c8eb5a 100644 --- a/2018/19xxx/CVE-2018-19393.json +++ b/2018/19xxx/CVE-2018-19393.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cyberskr.com/blog/cobham-satcom-800-900.html", - "refsource" : "MISC", - "url" : "https://cyberskr.com/blog/cobham-satcom-800-900.html" - }, - { - "name" : "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3", - "refsource" : "MISC", - "url" : "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3", + "refsource": "MISC", + "url": "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3" + }, + { + "name": "https://cyberskr.com/blog/cobham-satcom-800-900.html", + "refsource": "MISC", + "url": "https://cyberskr.com/blog/cobham-satcom-800-900.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1076.json b/2018/1xxx/CVE-2018-1076.json index 4216cb7ec2f..63dbbce59ca 100644 --- a/2018/1xxx/CVE-2018-1076.json +++ b/2018/1xxx/CVE-2018-1076.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1076", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1076", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1361.json b/2018/1xxx/CVE-2018-1361.json index 1b09df4d86a..b115e673a7a 100644 --- a/2018/1xxx/CVE-2018-1361.json +++ b/2018/1xxx/CVE-2018-1361.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2018-1361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Portal", - "version" : { - "version_data" : [ - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2018-1361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Portal", + "version": { + "version_data": [ + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137158", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137158" - }, - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22012409", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22012409" - }, - { - "name" : "102501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102501" - 
}, - { - "name" : "1040132", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22012409", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22012409" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137158", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137158" + }, + { + "name": "1040132", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040132" + }, + { + "name": "102501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102501" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1537.json b/2018/1xxx/CVE-2018-1537.json index 3946da5774d..a6b3939275b 100644 --- a/2018/1xxx/CVE-2018-1537.json +++ b/2018/1xxx/CVE-2018-1537.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1537", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1537", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1605.json b/2018/1xxx/CVE-2018-1605.json index 39e9d4bf7c9..394e9f79697 100644 --- a/2018/1xxx/CVE-2018-1605.json +++ b/2018/1xxx/CVE-2018-1605.json 
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-1605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "5.01" - }, - { - "version_value" : "5.02" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143795." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-1605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "5.01" + }, + { + "version_value": "5.02" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078" - }, - { - "name" : "ibm-rqm-cve20181605-xss(143795)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143795." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733078", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733078" + }, + { + "name": "ibm-rqm-cve20181605-xss(143795)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143795" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1945.json b/2018/1xxx/CVE-2018-1945.json index 13360383a3e..5d01af3e138 100644 --- a/2018/1xxx/CVE-2018-1945.json +++ b/2018/1xxx/CVE-2018-1945.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-02-18T00:00:00", - "ID" : "CVE-2018-1945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Identity Governance and Intelligence", - "version" : { - "version_data" : [ - { - "version_value" : "5.2" - }, - { - "version_value" : "5.2.1" - }, - { - "version_value" : "5.2.2" - }, - { - "version_value" : "5.2.2.1" - }, - { - "version_value" : "5.2.3" - }, - { - "version_value" : "5.2.3.1" - }, - { - "version_value" : "5.2.3.2" - }, - { - "version_value" : "5.2.4" - }, - { - "version_value" : "5.2.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "N", - "S" : "C", - "SCORE" : "6.100", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-02-18T00:00:00", + "ID": "CVE-2018-1945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Identity Governance and Intelligence", + "version": { + "version_data": [ + { + "version_value": "5.2" + }, + { + "version_value": "5.2.1" + }, + { + "version_value": "5.2.2" + }, + { + "version_value": "5.2.2.1" + }, + { + "version_value": "5.2.3" + }, + { + "version_value": "5.2.3.1" + }, + { + "version_value": "5.2.3.2" + }, + { + "version_value": "5.2.4" + }, + { + "version_value": "5.2.4.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142" - }, - { - "name" : "ibm-sig-cve20181945-clickjacking(153387)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. 
By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "N", + "S": "C", + "SCORE": "6.100", + "UI": "R" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10872142", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872142" + }, + { + "name": "ibm-sig-cve20181945-clickjacking(153387)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153387" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5141.json b/2018/5xxx/CVE-2018-5141.json index 42dd42357a6..f24eef26f97 100644 --- a/2018/5xxx/CVE-2018-5141.json +++ b/2018/5xxx/CVE-2018-5141.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "59" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DOS attack through notifications Push API" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "59" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1429093", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1429093" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-06/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-06/" - }, - { - "name" : "USN-3596-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3596-1/" - }, - { - "name" : "103386", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/103386" - }, - { - "name" : "1040514", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DOS attack through notifications Push API" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103386" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1429093", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1429093" + }, + { + "name": "1040514", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040514" + }, + { + "name": "USN-3596-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3596-1/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-06/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/" + } + ] + } +} \ No newline at end of file