From 77b46a0c418c77dbc83553e4349b6b4a3bdfeea1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:58:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0017.json | 440 ++++++++++++++--------------- 2008/0xxx/CVE-2008-0084.json | 200 ++++++------- 2008/0xxx/CVE-2008-0203.json | 150 +++++----- 2008/3xxx/CVE-2008-3249.json | 170 +++++------ 2008/3xxx/CVE-2008-3380.json | 170 +++++------ 2008/3xxx/CVE-2008-3417.json | 160 +++++------ 2008/3xxx/CVE-2008-3743.json | 200 ++++++------- 2008/4xxx/CVE-2008-4144.json | 150 +++++----- 2008/4xxx/CVE-2008-4658.json | 160 +++++------ 2008/6xxx/CVE-2008-6335.json | 150 +++++----- 2013/2xxx/CVE-2013-2203.json | 150 +++++----- 2013/2xxx/CVE-2013-2481.json | 220 +++++++-------- 2013/2xxx/CVE-2013-2542.json | 34 +-- 2013/2xxx/CVE-2013-2760.json | 130 ++++----- 2013/2xxx/CVE-2013-2821.json | 120 ++++---- 2013/3xxx/CVE-2013-3614.json | 120 ++++---- 2013/6xxx/CVE-2013-6579.json | 34 +-- 2013/6xxx/CVE-2013-6613.json | 34 +-- 2013/6xxx/CVE-2013-6696.json | 120 ++++---- 2013/6xxx/CVE-2013-6948.json | 130 ++++----- 2013/6xxx/CVE-2013-6974.json | 160 +++++------ 2013/7xxx/CVE-2013-7031.json | 34 +-- 2017/10xxx/CVE-2017-10223.json | 150 +++++----- 2017/10xxx/CVE-2017-10249.json | 150 +++++----- 2017/10xxx/CVE-2017-10445.json | 34 +-- 2017/10xxx/CVE-2017-10522.json | 34 +-- 2017/10xxx/CVE-2017-10647.json | 34 +-- 2017/10xxx/CVE-2017-10661.json | 210 +++++++------- 2017/14xxx/CVE-2017-14248.json | 130 ++++----- 2017/14xxx/CVE-2017-14318.json | 160 +++++------ 2017/14xxx/CVE-2017-14594.json | 128 ++++----- 2017/15xxx/CVE-2017-15159.json | 34 +-- 2017/15xxx/CVE-2017-15959.json | 130 ++++----- 2017/17xxx/CVE-2017-17603.json | 130 ++++----- 2017/17xxx/CVE-2017-17976.json | 130 ++++----- 2017/9xxx/CVE-2017-9341.json | 34 +-- 2017/9xxx/CVE-2017-9350.json | 170 +++++------ 2017/9xxx/CVE-2017-9456.json | 34 +-- 2017/9xxx/CVE-2017-9767.json | 140 ++++----- 2018/0xxx/CVE-2018-0235.json | 130 ++++----- 2018/0xxx/CVE-2018-0377.json | 130 ++++----- 2018/0xxx/CVE-2018-0528.json | 130 ++++----- 2018/1000xxx/CVE-2018-1000883.json | 136 ++++----- 2018/16xxx/CVE-2018-16056.json | 170 +++++------ 2018/19xxx/CVE-2018-19050.json | 120 ++++---- 2018/19xxx/CVE-2018-19187.json | 130 ++++----- 2018/19xxx/CVE-2018-19700.json | 130 ++++----- 2018/19xxx/CVE-2018-19765.json | 130 ++++----- 2018/19xxx/CVE-2018-19824.json | 170 +++++------ 2018/1xxx/CVE-2018-1839.json | 34 +-- 2018/4xxx/CVE-2018-4562.json | 34 +-- 2018/4xxx/CVE-2018-4648.json | 34 +-- 2018/4xxx/CVE-2018-4771.json | 34 +-- 53 files changed, 3290 insertions(+), 3290 deletions(-) diff --git a/2008/0xxx/CVE-2008-0017.json b/2008/0xxx/CVE-2008-0017.json index dd20b9a7153..eb2080f2f75 100644 --- a/2008/0xxx/CVE-2008-0017.json +++ b/2008/0xxx/CVE-2008-0017.json @@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081113 Mozilla Unchecked Allocation Remote Code Execution", - "refsource" : "ISS", - "url" : "http://www.iss.net/threats/311.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=443299", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=443299" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-54.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-54.html" - }, - { - "name" : "DSA-1669", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1669" - }, - { - "name" : "DSA-1671", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1671" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "FEDORA-2008-9669", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html" - }, - { - "name" : "FEDORA-2008-9667", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html" - }, - { - "name" : "MDVSA-2008:228", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228" - }, - { - "name" : "MDVSA-2008:230", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:230" - }, - { - "name" : "RHSA-2008:0977", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0977.html" - }, - { - "name" : "RHSA-2008:0978", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0978.html" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "SUSE-SA:2008:055", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html" - }, - { - "name" : "USN-667-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-667-1" - }, - { - "name" : "TA08-319A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-319A.html" - }, - { - "name" : "32281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32281" - }, - { - "name" : "oval:org.mitre.oval:def:11005", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005" - }, - { - "name" : "1021185", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021185" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "32684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32684" - }, - { - "name" : "32713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32713" - }, - { - "name" : "32778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32778" - }, - { - "name" : "32853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32853" - }, - { - "name" : "ADV-2008-3146", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3146" - }, - { - "name" : "32721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32721" - }, - { - "name" : "32845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32845" - }, - { - "name" : "32693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32693" - }, - { - "name" : "32694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32694" - }, - { - "name" : "32695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32695" - }, - { - "name" : "32714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32714" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3146", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3146" + }, + { + "name": "1021185", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021185" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=443299", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=443299" + }, + { + "name": "DSA-1671", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1671" + }, + { + "name": "32281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32281" + }, + { + "name": "FEDORA-2008-9667", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html" + }, + { + "name": "32713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32713" + }, + { + "name": "RHSA-2008:0977", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0977.html" + }, + { + "name": "MDVSA-2008:230", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:230" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-54.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-54.html" + }, + { + "name": "32695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32695" + }, + { + "name": "RHSA-2008:0978", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0978.html" + }, + { + "name": "DSA-1669", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1669" + }, + { + "name": "32778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32778" + }, + { + "name": "FEDORA-2008-9669", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "SUSE-SA:2008:055", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html" + }, + { + "name": "32694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32694" + }, + { + "name": "32721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32721" + }, + { + "name": "TA08-319A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-319A.html" + }, + { + "name": "32853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32853" + }, + { + "name": "oval:org.mitre.oval:def:11005", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005" + }, + { + "name": "32693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32693" + }, + { + "name": "MDVSA-2008:228", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228" + }, + { + "name": "32845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32845" + }, + { + "name": "20081113 Mozilla Unchecked Allocation Remote Code Execution", + "refsource": "ISS", + "url": "http://www.iss.net/threats/311.html" + }, + { + "name": "32684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32684" + }, + { + "name": "USN-667-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-667-1" + }, + { + "name": "32714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32714" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0084.json b/2008/0xxx/CVE-2008-0084.json index f5221ab681f..6e577bf49f9 100644 --- a/2008/0xxx/CVE-2008-0084.json +++ b/2008/0xxx/CVE-2008-0084.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-0084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02314", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120361015026386&w=2" - }, - { - "name" : "SSRT080016", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120361015026386&w=2" - }, - { - "name" : "MS08-004", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-004" - }, - { - "name" : "TA08-043C", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" - }, - { - "name" : "27634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27634" - }, - { - "name" : "ADV-2008-0506", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0506/references" - }, - { - "name" : "oval:org.mitre.oval:def:5240", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5240" - }, - { - "name" : "1019383", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019383" - }, - { - "name" : "28828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28828" + }, + { + "name": "MS08-004", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-004" + }, + { + "name": "HPSBST02314", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2" + }, + { + "name": "ADV-2008-0506", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0506/references" + }, + { + "name": "1019383", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019383" + }, + { + "name": "SSRT080016", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2" + }, + { + "name": "27634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27634" + }, + { + "name": "TA08-043C", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" + }, + { + "name": "oval:org.mitre.oval:def:5240", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5240" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0203.json b/2008/0xxx/CVE-2008-0203.json index c304482ebe5..0fccb4b77f8 100644 --- a/2008/0xxx/CVE-2008-0203.json +++ b/2008/0xxx/CVE-2008-0203.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485786/100/0/threaded" - }, - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" - }, - { - "name" : "http://websecurity.com.ua/1596/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/1596/" - }, - { - "name" : "3539", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" + }, + { + "name": "http://websecurity.com.ua/1596/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/1596/" + }, + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" + }, + { + "name": "3539", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3539" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3249.json b/2008/3xxx/CVE-2008-3249.json index 2a5e7e8cf3f..5bf90011138 100644 --- a/2008/3xxx/CVE-2008-3249.json +++ b/2008/3xxx/CVE-2008-3249.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080525 SECOBJADV-2008-01: Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492579" - }, - { - "name" : "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt", - "refsource" : "MISC", - "url" : "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt" - }, - { - "name" : "29366", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29366" - }, - { - "name" : "1020112", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020112" - }, - { - "name" : "30379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30379" - }, - { - "name" : "ibm-thinkvantage-ssl-spoofing(42638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30379" + }, + { + "name": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt", + "refsource": "MISC", + "url": "http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt" + }, + { + "name": "29366", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29366" + }, + { + "name": "20080525 SECOBJADV-2008-01: Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492579" + }, + { + "name": "ibm-thinkvantage-ssl-spoofing(42638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638" + }, + { + "name": "1020112", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020112" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3380.json b/2008/3xxx/CVE-2008-3380.json index afc05847cc2..6c39f90dad4 100644 --- a/2008/3xxx/CVE-2008-3380.json +++ b/2008/3xxx/CVE-2008-3380.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080719 Easybookmarker 40tr Xss Vulnerability By Khashayar Fereidani", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494550/100/0/threaded" - }, - { - "name" : "30304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30304" - }, - { - "name" : "ADV-2008-2165", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2165/references" - }, - { - "name" : "31191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31191" - }, - { - "name" : "4072", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4072" - }, - { - "name" : "easybookmarker-ajaxpbackend-xss(43918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "easybookmarker-ajaxpbackend-xss(43918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43918" + }, + { + "name": "30304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30304" + }, + { + "name": "ADV-2008-2165", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2165/references" + }, + { + "name": "31191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31191" + }, + { + "name": "4072", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4072" + }, + { + "name": "20080719 Easybookmarker 40tr Xss Vulnerability By Khashayar Fereidani", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494550/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3417.json b/2008/3xxx/CVE-2008-3417.json index daae142397f..47bd7eead0c 100644 --- a/2008/3xxx/CVE-2008-3417.json +++ b/2008/3xxx/CVE-2008-3417.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6135", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6135" - }, - { - "name" : "30380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30380" - }, - { - "name" : "31250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31250" - }, - { - "name" : "4095", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4095" - }, - { - "name" : "fipscmslight-index-sql-injection(44022)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6135", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6135" + }, + { + "name": "31250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31250" + }, + { + "name": "30380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30380" + }, + { + "name": "4095", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4095" + }, + { + "name": "fipscmslight-index-sql-injection(44022)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44022" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3743.json b/2008/3xxx/CVE-2008-3743.json index fd768c9c1e0..94f83bae5b5 100644 --- a/2008/3xxx/CVE-2008-3743.json +++ b/2008/3xxx/CVE-2008-3743.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/295053", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/295053" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=459108", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=459108" - }, - { - "name" : "FEDORA-2008-7467", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html" - }, - { - "name" : "FEDORA-2008-7626", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html" - }, - { - "name" : "30689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30689" - }, - { - "name" : "31462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31462" - }, - { - "name" : "ADV-2008-2392", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2392" - }, - { - "name" : "31825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31825" - }, - { - "name" : "drupal-ahah-csrf(44453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=459108", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459108" + }, + { + "name": "30689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30689" + }, + { + "name": "drupal-ahah-csrf(44453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44453" + }, + { + "name": "31825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31825" + }, + { + "name": "ADV-2008-2392", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2392" + }, + { + "name": "FEDORA-2008-7626", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html" + }, + { + "name": "http://drupal.org/node/295053", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/295053" + }, + { + "name": "FEDORA-2008-7467", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html" + }, + { + "name": "31462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31462" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4144.json b/2008/4xxx/CVE-2008-4144.json index c8b5a29c8b2..863ac6ea723 100644 --- a/2008/4xxx/CVE-2008-4144.json +++ b/2008/4xxx/CVE-2008-4144.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6364", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6364" - }, - { - "name" : "31015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31015" - }, - { - "name" : "31740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31740" - }, - { - "name" : "acgscript-egoldscriptshop-cid-sql-injection(44966)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "acgscript-egoldscriptshop-cid-sql-injection(44966)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44966" + }, + { + "name": "31740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31740" + }, + { + "name": "6364", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6364" + }, + { + "name": "31015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31015" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4658.json b/2008/4xxx/CVE-2008-4658.json index 82110287b78..d6c86d4be23 100644 --- a/2008/4xxx/CVE-2008-4658.json +++ b/2008/4xxx/CVE-2008-4658.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/", - "refsource" : "MISC", - "url" : "http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/" - }, - { - "name" : "31840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31840" - }, - { - "name" : "ADV-2008-2870", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2870" - }, - { - "name" : "32342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31840" + }, + { + "name": "http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/", + "refsource": "MISC", + "url": "http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/" + }, + { + "name": "ADV-2008-2870", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2870" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/" + }, + { + "name": "32342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32342" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6335.json b/2008/6xxx/CVE-2008-6335.json index 4ce92ea9b3c..6b5f7b198fa 100644 --- a/2008/6xxx/CVE-2008-6335.json +++ b/2008/6xxx/CVE-2008-6335.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7524", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7524" - }, - { - "name" : "32932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32932" - }, - { - "name" : "33255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33255" - }, - { - "name" : "online-download-directory-traversal(47516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7524", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7524" + }, + { + "name": "32932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32932" + }, + { + "name": "33255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33255" + }, + { + "name": "online-download-directory-traversal(47516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47516" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2203.json b/2013/2xxx/CVE-2013-2203.json index da5e3d9b924..46252d7777e 100644 --- a/2013/2xxx/CVE-2013-2203.json +++ b/2013/2xxx/CVE-2013-2203.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codex.wordpress.org/Version_3.5.2", - "refsource" : "CONFIRM", - "url" : "http://codex.wordpress.org/Version_3.5.2" - }, - { - "name" : "http://wordpress.org/news/2013/06/wordpress-3-5-2/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/news/2013/06/wordpress-3-5-2/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=976784", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=976784" - }, - { - "name" : "DSA-2718", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/news/2013/06/wordpress-3-5-2/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/news/2013/06/wordpress-3-5-2/" + }, + { + "name": "DSA-2718", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2718" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=976784", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=976784" + }, + { + "name": "http://codex.wordpress.org/Version_3.5.2", + "refsource": "CONFIRM", + "url": "http://codex.wordpress.org/Version_3.5.2" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2481.json b/2013/2xxx/CVE-2013-2481.json index fb2d1d121df..7edad2b4b1f 100644 --- a/2013/2xxx/CVE-2013-2481.json +++ b/2013/2xxx/CVE-2013-2481.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mount.c?r1=47672&r2=47671&pathrev=47672", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mount.c?r1=47672&r2=47671&pathrev=47672" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47672", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47672" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2013-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2013-16.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335" - }, - { - "name" : "DSA-2644", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2644" - }, - { - "name" : "openSUSE-SU-2013:0494", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html" - }, - { - "name" : "openSUSE-SU-2013:0506", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html" - }, - { - "name" : "oval:org.mitre.oval:def:16420", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16420" - }, - { - "name" : "52471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html" + }, + { + "name": "openSUSE-SU-2013:0494", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html" + }, + { + "name": "oval:org.mitre.oval:def:16420", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16420" + }, + { + "name": "52471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52471" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html" + }, + { + "name": "openSUSE-SU-2013:0506", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47672", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47672" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2013-16.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2013-16.html" + }, + { + "name": "DSA-2644", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2644" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mount.c?r1=47672&r2=47671&pathrev=47672", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mount.c?r1=47672&r2=47671&pathrev=47672" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2542.json b/2013/2xxx/CVE-2013-2542.json index 6256ea9d098..82844c81c5f 100644 --- a/2013/2xxx/CVE-2013-2542.json +++ b/2013/2xxx/CVE-2013-2542.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2542", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2542", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2760.json b/2013/2xxx/CVE-2013-2760.json index 4e8636d1ca5..117ac40fa1e 100644 --- a/2013/2xxx/CVE-2013-2760.json +++ b/2013/2xxx/CVE-2013-2760.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24930", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24930/" - }, - { - "name" : "92040", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/92040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24930", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24930/" + }, + { + "name": "92040", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/92040" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2821.json b/2013/2xxx/CVE-2013-2821.json index f303ad67505..091b569094c 100644 --- a/2013/2xxx/CVE-2013-2821.json +++ b/2013/2xxx/CVE-2013-2821.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow remote attackers to cause a denial of service (driver crash and process restart) via a crafted DNP3 TCP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-2821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow remote attackers to cause a denial of service (driver crash and process restart) via a crafted DNP3 TCP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3614.json b/2013/3xxx/CVE-2013-3614.json index d0babe16816..31e6b8ff7e7 100644 --- a/2013/3xxx/CVE-2013-3614.json +++ b/2013/3xxx/CVE-2013-3614.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#800094", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/800094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#800094", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/800094" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6579.json b/2013/6xxx/CVE-2013-6579.json index 61c0c6f08d8..9c0375255dd 100644 --- a/2013/6xxx/CVE-2013-6579.json +++ b/2013/6xxx/CVE-2013-6579.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6579", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6579", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6613.json b/2013/6xxx/CVE-2013-6613.json index 1ca3dfac2b8..75ce37423e3 100644 --- a/2013/6xxx/CVE-2013-6613.json +++ b/2013/6xxx/CVE-2013-6613.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6613", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6613", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6696.json b/2013/6xxx/CVE-2013-6696.json index ec86b7f6c6f..d410c13e2ee 100644 --- a/2013/6xxx/CVE-2013-6696.json +++ b/2013/6xxx/CVE-2013-6696.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131202 Cisco ASA Malformed DNS Reply Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131202 Cisco ASA Malformed DNS Reply Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6696" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6948.json b/2013/6xxx/CVE-2013-6948.json index 4d34cf4f6dc..18228baf242 100644 --- a/2013/6xxx/CVE-2013-6948.json +++ b/2013/6xxx/CVE-2013-6948.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-6948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf", - "refsource" : "MISC", - "url" : "http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf" - }, - { - "name" : "VU#656302", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/656302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf", + "refsource": "MISC", + "url": "http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf" + }, + { + "name": "VU#656302", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/656302" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6974.json b/2013/6xxx/CVE-2013-6974.json index 355a2b72b1b..cfd6afad657 100644 --- a/2013/6xxx/CVE-2013-6974.json +++ b/2013/6xxx/CVE-2013-6974.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140109 Cisco Secure Access Control System Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6974" - }, - { - "name" : "64752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64752" - }, - { - "name" : "101894", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101894" - }, - { - "name" : "1029594", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029594" - }, - { - "name" : "56353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029594", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029594" + }, + { + "name": "20140109 Cisco Secure Access Control System Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6974" + }, + { + "name": "56353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56353" + }, + { + "name": "101894", + "refsource": "OSVDB", + "url": "http://osvdb.org/101894" + }, + { + "name": "64752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64752" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7031.json b/2013/7xxx/CVE-2013-7031.json index be30b494c90..420892beb6c 100644 --- a/2013/7xxx/CVE-2013-7031.json +++ b/2013/7xxx/CVE-2013-7031.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7031", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7031", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10223.json b/2017/10xxx/CVE-2017-10223.json index 5d2ddbe37a8..8c8a0d0f668 100644 --- a/2017/10xxx/CVE-2017-10223.json +++ b/2017/10xxx/CVE-2017-10223.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Materials Control", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.31.4" - }, - { - "version_affected" : "=", - "version_value" : "8.32.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Materials Control", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.31.4" + }, + { + "version_affected": "=", + "version_value": "8.32.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99704" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99704" + }, + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10249.json b/2017/10xxx/CVE-2017-10249.json index f2de1752e5d..e3f5897cf0d 100644 --- a/2017/10xxx/CVE-2017-10249.json +++ b/2017/10xxx/CVE-2017-10249.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99764" - }, - { - "name" : "1038932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038932" + }, + { + "name": "99764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99764" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10445.json b/2017/10xxx/CVE-2017-10445.json index bd411b56301..8a3eaed8629 100644 --- a/2017/10xxx/CVE-2017-10445.json +++ b/2017/10xxx/CVE-2017-10445.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10445", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10445", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10522.json b/2017/10xxx/CVE-2017-10522.json index a35149fa271..8253e3d67b3 100644 --- a/2017/10xxx/CVE-2017-10522.json +++ b/2017/10xxx/CVE-2017-10522.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10522", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10522", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10647.json b/2017/10xxx/CVE-2017-10647.json index e05136f4d38..ab7217052fa 100644 --- a/2017/10xxx/CVE-2017-10647.json +++ b/2017/10xxx/CVE-2017-10647.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10647", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10647", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10661.json b/2017/10xxx/CVE-2017-10661.json index 55f9e07df8e..c420117731e 100644 --- a/2017/10xxx/CVE-2017-10661.json +++ b/2017/10xxx/CVE-2017-10661.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43345", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43345/" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1481136", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1481136" - }, - { - "name" : "https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-08-01" - }, - { - "name" : "DSA-3981", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3981" - }, - { - "name" : "RHSA-2018:3083", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3083" - }, - { - "name" : "RHSA-2018:3096", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3096" - }, - { - "name" : "100215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3083", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3083" + }, + { + "name": "100215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100215" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1481136", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1481136" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15" + }, + { + "name": "DSA-3981", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3981" + }, + { + "name": "https://source.android.com/security/bulletin/2017-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-08-01" + }, + { + "name": "https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6" + }, + { + "name": "43345", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43345/" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6" + }, + { + "name": "RHSA-2018:3096", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3096" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14248.json b/2017/14xxx/CVE-2017-14248.json index 51005d4815a..d2d5c77ba4f 100644 --- a/2017/14xxx/CVE-2017-14248.json +++ b/2017/14xxx/CVE-2017-14248.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/717", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/717" - }, - { - "name" : "GLSA-201711-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-07" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/717", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/717" + }, + { + "name": "GLSA-201711-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-07" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14318.json b/2017/14xxx/CVE-2017-14318.json index 7b2a34d5f3c..4dd8746ed92 100644 --- a/2017/14xxx/CVE-2017-14318.json +++ b/2017/14xxx/CVE-2017-14318.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-232.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-232.html" - }, - { - "name" : "https://support.citrix.com/article/CTX227185", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX227185" - }, - { - "name" : "DSA-4050", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4050" - }, - { - "name" : "100817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100817" - }, - { - "name" : "1039349", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX227185", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX227185" + }, + { + "name": "DSA-4050", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4050" + }, + { + "name": "1039349", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039349" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-232.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-232.html" + }, + { + "name": "100817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100817" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14594.json b/2017/14xxx/CVE-2017-14594.json index 872b9c5f84d..311be78096c 100644 --- a/2017/14xxx/CVE-2017-14594.json +++ b/2017/14xxx/CVE-2017-14594.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2017-12-18T00:00:00", - "ID" : "CVE-2017-14594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jira", - "version" : { - "version_data" : [ - { - "version_value" : "prior 7.2.12" - }, - { - "version_value" : "7.3.0 before 7.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2017-12-18T00:00:00", + "ID": "CVE-2017-14594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "prior 7.2.12" + }, + { + "version_value": "7.3.0 before 7.6.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-66495", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-66495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/JRASERVER-66495", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-66495" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15159.json b/2017/15xxx/CVE-2017-15159.json index 38b7fd6e58d..8ff1279acf4 100644 --- a/2017/15xxx/CVE-2017-15159.json +++ b/2017/15xxx/CVE-2017-15159.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15159", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15159", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15959.json b/2017/15xxx/CVE-2017-15959.json index 34b0f185c54..1f8d398751f 100644 --- a/2017/15xxx/CVE-2017-15959.json +++ b/2017/15xxx/CVE-2017-15959.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43100", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43100/" - }, - { - "name" : "https://packetstormsecurity.com/files/144428/Adult-Script-Pro-2.2.4-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144428/Adult-Script-Pro-2.2.4-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43100", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43100/" + }, + { + "name": "https://packetstormsecurity.com/files/144428/Adult-Script-Pro-2.2.4-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144428/Adult-Script-Pro-2.2.4-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17603.json b/2017/17xxx/CVE-2017-17603.json index e9a4d2ae3cb..cdd603569f4 100644 --- a/2017/17xxx/CVE-2017-17603.json +++ b/2017/17xxx/CVE-2017-17603.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43304", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43304/" - }, - { - "name" : "https://packetstormsecurity.com/files/145345/Advanced-Real-Estate-Script-4.0.7-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145345/Advanced-Real-Estate-Script-4.0.7-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43304", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43304/" + }, + { + "name": "https://packetstormsecurity.com/files/145345/Advanced-Real-Estate-Script-4.0.7-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145345/Advanced-Real-Estate-Script-4.0.7-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17976.json b/2017/17xxx/CVE-2017-17976.json index 79d279544ab..e7088d93f8f 100644 --- a/2017/17xxx/CVE-2017-17976.json +++ b/2017/17xxx/CVE-2017-17976.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43590", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43590/" - }, - { - "name" : "http://packetstormsecurity.com/files/145903/PerfexCRM-1.9.7-Arbitrary-File-Upload.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145903/PerfexCRM-1.9.7-Arbitrary-File-Upload.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43590", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43590/" + }, + { + "name": "http://packetstormsecurity.com/files/145903/PerfexCRM-1.9.7-Arbitrary-File-Upload.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145903/PerfexCRM-1.9.7-Arbitrary-File-Upload.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9341.json b/2017/9xxx/CVE-2017-9341.json index fbc66642df9..e90fa570cf0 100644 --- a/2017/9xxx/CVE-2017-9341.json +++ b/2017/9xxx/CVE-2017-9341.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9341", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9341", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9350.json b/2017/9xxx/CVE-2017-9350.json index 992aa2a0dc5..9f97064b6f6 100644 --- a/2017/9xxx/CVE-2017-9350.json +++ b/2017/9xxx/CVE-2017-9350.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1212", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1212" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dbc7cb0bbdd501fa96e0cb98668f6d6bf17ac4e6", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dbc7cb0bbdd501fa96e0cb98668f6d6bf17ac4e6" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-28.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-28.html" - }, - { - "name" : "98806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98806" - }, - { - "name" : "1038612", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dbc7cb0bbdd501fa96e0cb98668f6d6bf17ac4e6", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dbc7cb0bbdd501fa96e0cb98668f6d6bf17ac4e6" + }, + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1212", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1212" + }, + { + "name": "98806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98806" + }, + { + "name": "1038612", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038612" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-28.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9456.json b/2017/9xxx/CVE-2017-9456.json index 81011c3a128..aba2e7f57bc 100644 --- a/2017/9xxx/CVE-2017-9456.json +++ b/2017/9xxx/CVE-2017-9456.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9767.json b/2017/9xxx/CVE-2017-9767.json index 3e58fb949e2..8a508a4992d 100644 --- a/2017/9xxx/CVE-2017-9767.json +++ b/2017/9xxx/CVE-2017-9767.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170814 [CVE-2017-9767] Quali CloudShell (v7.1.0.6508 Patch 6) Multiple Stored Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541023/100/0/threaded" - }, - { - "name" : "42453", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42453/" - }, - { - "name" : "http://packetstormsecurity.com/files/143746/Quali-CloudShell-7.1.0.6508-Patch-6-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/143746/Quali-CloudShell-7.1.0.6508-Patch-6-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42453", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42453/" + }, + { + "name": "http://packetstormsecurity.com/files/143746/Quali-CloudShell-7.1.0.6508-Patch-6-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/143746/Quali-CloudShell-7.1.0.6508-Patch-6-Cross-Site-Scripting.html" + }, + { + "name": "20170814 [CVE-2017-9767] Quali CloudShell (v7.1.0.6508 Patch 6) Multiple Stored Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541023/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0235.json b/2018/0xxx/CVE-2018-0235.json index 6a4cbc9a56c..14d1f249f1b 100644 --- a/2018/0xxx/CVE-2018-0235.json +++ b/2018/0xxx/CVE-2018-0235.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wireless LAN Controller", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Wireless LAN Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of certain 802.11 management information element frames that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11 management frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects only Cisco Wireless LAN Controllers that are running Cisco Mobility Express Release 8.5.103.0. Cisco Bug IDs: CSCvg07024." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wireless LAN Controller", + "version": { + "version_data": [ + { + "version_value": "Cisco Wireless LAN Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-mfdos", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-mfdos" - }, - { - "name" : "104080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of certain 802.11 management information element frames that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11 management frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects only Cisco Wireless LAN Controllers that are running Cisco Mobility Express Release 8.5.103.0. Cisco Bug IDs: CSCvg07024." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-mfdos", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-mfdos" + }, + { + "name": "104080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104080" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0377.json b/2018/0xxx/CVE-2018-0377.json index b53e2ae4217..2fb00be097b 100644 --- a/2018/0xxx/CVE-2018-0377.json +++ b/2018/0xxx/CVE-2018-0377.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Policy Suite unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Policy Suite unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-306" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Policy Suite unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Policy Suite unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access" - }, - { - "name" : "104850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access" + }, + { + "name": "104850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104850" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0528.json b/2018/0xxx/CVE-2018-0528.json index dff72aeccaf..900c9650333 100644 --- a/2018/0xxx/CVE-2018-0528.json +++ b/2018/0xxx/CVE-2018-0528.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Office", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0 to 10.7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Office", + "version": { + "version_data": [ + { + "version_value": "10.0.0 to 10.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/9812", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/9812" - }, - { - "name" : "JVN#51737843", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN51737843/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.cybozu.com/ja-jp/article/9812", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/9812" + }, + { + "name": "JVN#51737843", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN51737843/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000883.json b/2018/1000xxx/CVE-2018-1000883.json index d1c5543dda4..5f008ed8dd1 100644 --- a/2018/1000xxx/CVE-2018-1000883.json +++ b/2018/1000xxx/CVE-2018-1000883.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-12-20T10:18:08.690224", - "DATE_REQUESTED" : "2018-12-19T13:39:45", - "ID" : "CVE-2018-1000883", - "REQUESTER" : "maennchen@joshmartin.ch", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Plug", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Elixir Plug" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Header Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-12-20T10:18:08.690224", + "DATE_REQUESTED": "2018-12-19T13:39:45", + "ID": "CVE-2018-1000883", + "REQUESTER": "maennchen@joshmartin.ch", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml", - "refsource" : "MISC", - "url" : "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml" - }, - { - "name" : "https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573", - "refsource" : "MISC", - "url" : "https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573", + "refsource": "MISC", + "url": "https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573" + }, + { + "name": "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml", + "refsource": "MISC", + "url": "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16056.json b/2018/16xxx/CVE-2018-16056.json index 789aab9efd9..879b6504eba 100644 --- a/2018/16xxx/CVE-2018-16056.json +++ b/2018/16xxx/CVE-2018-16056.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-45.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-45.html" - }, - { - "name" : "DSA-4315", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4315" - }, - { - "name" : "105174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105174" - }, - { - "name" : "1041609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485" + }, + { + "name": "DSA-4315", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4315" + }, + { + "name": "105174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105174" + }, + { + "name": "1041609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041609" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-45.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-45.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19050.json b/2018/19xxx/CVE-2018-19050.json index b3d4103214e..c16633f7fb6 100644 --- a/2018/19xxx/CVE-2018-19050.json +++ b/2018/19xxx/CVE-2018-19050.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/m3lon/XSS-Expoit/blob/master/METINFO_XSS.md", - "refsource" : "MISC", - "url" : "https://github.com/m3lon/XSS-Expoit/blob/master/METINFO_XSS.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/m3lon/XSS-Expoit/blob/master/METINFO_XSS.md", + "refsource": "MISC", + "url": "https://github.com/m3lon/XSS-Expoit/blob/master/METINFO_XSS.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19187.json b/2018/19xxx/CVE-2018-19187.json index ed5e0ba581c..db004331276 100644 --- a/2018/19xxx/CVE-2018-19187.json +++ b/2018/19xxx/CVE-2018-19187.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk", - "refsource" : "MISC", - "url" : "https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk" - }, - { - "name" : "105930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk", + "refsource": "MISC", + "url": "https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk" + }, + { + "name": "105930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105930" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19700.json b/2018/19xxx/CVE-2018-19700.json index 7ff78f5085b..2f44f9127cd 100644 --- a/2018/19xxx/CVE-2018-19700.json +++ b/2018/19xxx/CVE-2018-19700.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-19700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-19700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106164" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19765.json b/2018/19xxx/CVE-2018-19765.json index b458222f563..360b3c99d2f 100644 --- a/2018/19xxx/CVE-2018-19765.json +++ b/2018/19xxx/CVE-2018-19765.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"EditCurrentPresentSpace.jsp\" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/20" - }, - { - "name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"EditCurrentPresentSpace.jsp\" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" + }, + { + "name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/20" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19824.json b/2018/19xxx/CVE-2018-19824.json index a3fb456bc9f..d0c8b71c7b1 100644 --- a/2018/19xxx/CVE-2018-19824.json +++ b/2018/19xxx/CVE-2018-19824.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1118152", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1118152" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b", - "refsource" : "MISC", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b" - }, - { - "name" : "https://github.com/torvalds/linux/commit/5f8cf712582617d523120df67d392059eaf2fc4b", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/5f8cf712582617d523120df67d392059eaf2fc4b" - }, - { - "name" : "USN-3879-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3879-1/" - }, - { - "name" : "USN-3879-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3879-2/" - }, - { - "name" : "106109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/5f8cf712582617d523120df67d392059eaf2fc4b", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/5f8cf712582617d523120df67d392059eaf2fc4b" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1118152", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1118152" + }, + { + "name": "USN-3879-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3879-2/" + }, + { + "name": "USN-3879-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3879-1/" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b", + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b" + }, + { + "name": "106109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106109" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1839.json b/2018/1xxx/CVE-2018-1839.json index 9b924f22004..adf34c3b8ff 100644 --- a/2018/1xxx/CVE-2018-1839.json +++ b/2018/1xxx/CVE-2018-1839.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1839", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1839", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4562.json b/2018/4xxx/CVE-2018-4562.json index 3f2edb46921..cca149ece6d 100644 --- a/2018/4xxx/CVE-2018-4562.json +++ b/2018/4xxx/CVE-2018-4562.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4562", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4562", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4648.json b/2018/4xxx/CVE-2018-4648.json index 701f16cba7a..6ebeeb723b5 100644 --- a/2018/4xxx/CVE-2018-4648.json +++ b/2018/4xxx/CVE-2018-4648.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4648", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4648", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4771.json b/2018/4xxx/CVE-2018-4771.json index eea40b75cfd..6692c9a2b0b 100644 --- a/2018/4xxx/CVE-2018-4771.json +++ b/2018/4xxx/CVE-2018-4771.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4771", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4771", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file