From 81235666a46bd4ec70dc5f186973d7b618d05850 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 22:35:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2004/0xxx/CVE-2004-0177.json | 350 ++++++++++++++---------------
2004/1xxx/CVE-2004-1246.json | 34 +--
2004/1xxx/CVE-2004-1466.json | 160 ++++++-------
2004/1xxx/CVE-2004-1847.json | 160 ++++++-------
2004/1xxx/CVE-2004-1874.json | 150 ++++++-------
2004/1xxx/CVE-2004-1891.json | 120 +++++-----
2008/3xxx/CVE-2008-3317.json | 180 +++++++--------
2008/3xxx/CVE-2008-3631.json | 210 ++++++++---------
2008/3xxx/CVE-2008-3794.json | 210 ++++++++---------
2008/3xxx/CVE-2008-3873.json | 330 +++++++++++++--------------
2008/4xxx/CVE-2008-4178.json | 250 ++++++++++-----------
2008/4xxx/CVE-2008-4609.json | 270 +++++++++++-----------
2008/4xxx/CVE-2008-4724.json | 120 +++++-----
2008/6xxx/CVE-2008-6011.json | 150 ++++++-------
2008/6xxx/CVE-2008-6213.json | 170 +++++++-------
2008/6xxx/CVE-2008-6245.json | 150 ++++++-------
2008/6xxx/CVE-2008-6344.json | 130 +++++------
2008/6xxx/CVE-2008-6837.json | 140 ++++++------
2008/6xxx/CVE-2008-6844.json | 160 ++++++-------
2008/7xxx/CVE-2008-7308.json | 34 +--
2013/2xxx/CVE-2013-2023.json | 210 ++++++++---------
2013/2xxx/CVE-2013-2267.json | 34 +--
2013/2xxx/CVE-2013-2696.json | 130 +++++------
2013/6xxx/CVE-2013-6269.json | 34 +--
2013/6xxx/CVE-2013-6365.json | 34 +--
2013/6xxx/CVE-2013-6508.json | 34 +--
2017/10xxx/CVE-2017-10092.json | 150 ++++++-------
2017/14xxx/CVE-2017-14337.json | 130 +++++------
2017/14xxx/CVE-2017-14718.json | 160 ++++++-------
2017/14xxx/CVE-2017-14719.json | 170 +++++++-------
2017/15xxx/CVE-2017-15165.json | 34 +--
2017/15xxx/CVE-2017-15200.json | 150 ++++++-------
2017/15xxx/CVE-2017-15206.json | 150 ++++++-------
2017/15xxx/CVE-2017-15272.json | 140 ++++++------
2017/15xxx/CVE-2017-15525.json | 132 +++++------
2017/9xxx/CVE-2017-9090.json | 120 +++++-----
2017/9xxx/CVE-2017-9226.json | 160 ++++++-------
2017/9xxx/CVE-2017-9297.json | 130 +++++------
2017/9xxx/CVE-2017-9591.json | 120 +++++-----
2017/9xxx/CVE-2017-9619.json | 150 ++++++-------
2017/9xxx/CVE-2017-9916.json | 120 +++++-----
2018/0xxx/CVE-2018-0070.json | 34 +--
2018/0xxx/CVE-2018-0576.json | 130 +++++------
2018/0xxx/CVE-2018-0630.json | 130 +++++------
2018/0xxx/CVE-2018-0879.json | 142 ++++++------
2018/1000xxx/CVE-2018-1000108.json | 124 +++++-----
2018/1000xxx/CVE-2018-1000612.json | 34 +--
2018/1000xxx/CVE-2018-1000860.json | 126 +++++------
2018/12xxx/CVE-2018-12113.json | 140 ++++++------
2018/12xxx/CVE-2018-12258.json | 120 +++++-----
2018/12xxx/CVE-2018-12474.json | 194 ++++++++--------
2018/12xxx/CVE-2018-12961.json | 34 +--
2018/16xxx/CVE-2018-16138.json | 34 +--
2018/16xxx/CVE-2018-16218.json | 34 +--
2018/16xxx/CVE-2018-16380.json | 120 +++++-----
2018/16xxx/CVE-2018-16487.json | 120 +++++-----
2018/16xxx/CVE-2018-16585.json | 180 +++++++--------
2018/16xxx/CVE-2018-16926.json | 34 +--
2018/4xxx/CVE-2018-4045.json | 120 +++++-----
2018/4xxx/CVE-2018-4254.json | 120 +++++-----
2018/4xxx/CVE-2018-4529.json | 34 +--
2018/4xxx/CVE-2018-4670.json | 34 +--
2018/4xxx/CVE-2018-4740.json | 34 +--
63 files changed, 4021 insertions(+), 4021 deletions(-)
diff --git a/2004/0xxx/CVE-2004-0177.json b/2004/0xxx/CVE-2004-0177.json
index 9ba2d71e29f..777be60525d 100644
--- a/2004/0xxx/CVE-2004-0177.json
+++ b/2004/0xxx/CVE-2004-0177.json
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2004:846", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846" - }, - { - "name" : "DSA-479", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-479" - }, - { - "name" : "DSA-480", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-480" - }, - { - "name" : "DSA-481", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-481" - }, - { - "name" : "DSA-482", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-482" - }, - { - "name" : "DSA-489", - "refsource" : 
"DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-489" - }, - { - "name" : "DSA-491", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-491" - }, - { - "name" : "DSA-495", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-495" - }, - { - "name" : "ESA-20040428-004", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html" - }, - { - "name" : "FLSA:2336", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336" - }, - { - "name" : "GLSA-200407-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200407-02.xml" - }, - { - "name" : "MDKSA-2004:029", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029" - }, - { - "name" : "RHSA-2004:166", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2004-166.html" - }, - { - "name" : "RHSA-2005:293", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-293.html" - }, - { - "name" : "RHSA-2004:504", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-504.html" - }, - { - "name" : "RHSA-2004:505", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-505.html" - }, - { - "name" : "2004-0020", - "refsource" : "TRUSTIX", - "url" : "http://marc.info/?l=bugtraq&m=108213675028441&w=2" - }, - { - "name" : "http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ", - "refsource" : "MISC", - "url" : "http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ" - }, - { - "name" : "O-121", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-121.shtml" - }, - { - "name" : "O-126", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-126.shtml" - }, - { - "name" : "O-127", - "refsource" : "CIAC", - "url" : 
"http://www.ciac.org/ciac/bulletins/o-127.shtml" - }, - { - "name" : "10152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10152" - }, - { - "name" : "oval:org.mitre.oval:def:10556", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556" - }, - { - "name" : "linux-ext3-info-disclosure(15867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "O-127", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-127.shtml" + }, + { + "name": "2004-0020", + "refsource": "TRUSTIX", + "url": "http://marc.info/?l=bugtraq&m=108213675028441&w=2" + }, + { + "name": "FLSA:2336", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336" + }, + { + "name": "DSA-482", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-482" + }, + { + "name": "DSA-495", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-495" + }, + { + "name": "DSA-479", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-479" + }, + { + "name": "linux-ext3-info-disclosure(15867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15867" + }, + { + "name": "DSA-480", + "refsource": 
"DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-480" + }, + { + "name": "10152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10152" + }, + { + "name": "CLA-2004:846", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846" + }, + { + "name": "DSA-489", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-489" + }, + { + "name": "DSA-481", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-481" + }, + { + "name": "oval:org.mitre.oval:def:10556", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556" + }, + { + "name": "RHSA-2005:293", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-293.html" + }, + { + "name": "ESA-20040428-004", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html" + }, + { + "name": "RHSA-2004:505", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-505.html" + }, + { + "name": "O-121", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-121.shtml" + }, + { + "name": "O-126", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-126.shtml" + }, + { + "name": "RHSA-2004:504", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-504.html" + }, + { + "name": "MDKSA-2004:029", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029" + }, + { + "name": "GLSA-200407-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200407-02.xml" + }, + { + "name": "RHSA-2004:166", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2004-166.html" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ", + "refsource": "MISC", + "url": 
"http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ" + }, + { + "name": "DSA-491", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-491" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1246.json b/2004/1xxx/CVE-2004-1246.json index d2f27dafff7..9eda9f0c869 100644 --- a/2004/1xxx/CVE-2004-1246.json +++ b/2004/1xxx/CVE-2004-1246.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1246", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1246", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1466.json b/2004/1xxx/CVE-2004-1466.json index b175ac8aa61..57189ee87c0 100644 --- a/2004/1xxx/CVE-2004-1466.json +++ b/2004/1xxx/CVE-2004-1466.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040817 Gallery 1.4.4 save_photos.php PHP Insertion Proof of Concept", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html" - }, - { - "name" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=134&mode=thread&order=0&thold=0", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=134&mode=thread&order=0&thold=0" - }, - { - "name" : "GLSA-200409-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-05.xml" - 
}, - { - "name" : "10968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10968" - }, - { - "name" : "gallery-savephotos-file-upload(17021)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10968" + }, + { + "name": "gallery-savephotos-file-upload(17021)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17021" + }, + { + "name": "20040817 Gallery 1.4.4 save_photos.php PHP Insertion Proof of Concept", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html" + }, + { + "name": "GLSA-200409-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-05.xml" + }, + { + "name": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=134&mode=thread&order=0&thold=0", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=134&mode=thread&order=0&thold=0" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1847.json b/2004/1xxx/CVE-2004-1847.json index 1277d9f3df9..4da6f88d883 100644 --- a/2004/1xxx/CVE-2004-1847.json 
+++ b/2004/1xxx/CVE-2004-1847.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040322 Vulnerabilities in News Manager Lite 2.5 & News Manager Lite administration", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107999733503496&w=2" - }, - { - "name" : "9935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9935" - }, - { - "name" : "1009507", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009507" - }, - { - "name" : "11180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11180" - }, - { - "name" : "news-manager-admin-access(15550)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11180" + }, + { + "name": "9935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9935" + }, + { + "name": "1009507", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009507" + }, + { + "name": "news-manager-admin-access(15550)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15550" + }, + { + "name": "20040322 Vulnerabilities in News Manager Lite 2.5 & News Manager Lite administration", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107999733503496&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1874.json b/2004/1xxx/CVE-2004-1874.json index 8208080aa79..79e054a2f1f 100644 --- a/2004/1xxx/CVE-2004-1874.json +++ b/2004/1xxx/CVE-2004-1874.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040329 A-CART Pro & A-CART 2.0 Input Validation Holes", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108057887008983&w=2" - }, - { - "name" : "9997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9997" - }, - { - "name" : "11236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11236" - }, - { - "name" : "acart-deliverasp-billingasp-xss(15660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting 
(XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040329 A-CART Pro & A-CART 2.0 Input Validation Holes", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108057887008983&w=2" + }, + { + "name": "11236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11236" + }, + { + "name": "9997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9997" + }, + { + "name": "acart-deliverasp-billingasp-xss(15660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15660" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1891.json b/2004/1xxx/CVE-2004-1891.json index 81104ebccfa..6166c558dcf 100644 --- a/2004/1xxx/CVE-2004-1891.json +++ b/2004/1xxx/CVE-2004-1891.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ftp_syslog function in ftpd in SGI IRIX 6.5.20 \"doesn't work with anonymous FTP,\" which has an unknown impact, possibly preventing the actions of anonymous users from being logged." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040401-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040401-01-P.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ftp_syslog function in ftpd in SGI IRIX 6.5.20 \"doesn't work with anonymous FTP,\" which has an unknown impact, possibly preventing the actions of anonymous users from being logged." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040401-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040401-01-P.asc" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3317.json b/2008/3xxx/CVE-2008-3317.json index 220a3e2c5a1..e4537de20eb 100644 --- a/2008/3xxx/CVE-2008-3317.json +++ b/2008/3xxx/CVE-2008-3317.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6066", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6066" - }, - { - "name" : "http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html" - }, - { - "name" : "http://www.maianscriptworld.co.uk/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.maianscriptworld.co.uk/news.html" - }, - { - "name" : "30211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30211" - }, - { - "name" : "31075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31075" - }, - { - "name" : "4042", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/4042" - }, - { - "name" : "maiansearch-index-security-bypass(43753)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.maianscriptworld.co.uk/news.html", + "refsource": "CONFIRM", + "url": "http://www.maianscriptworld.co.uk/news.html" + }, + { + "name": "6066", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6066" + }, + { + "name": "31075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31075" + }, + { + "name": "4042", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4042" + }, + { + "name": "http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html", + "refsource": "CONFIRM", + "url": "http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html" + }, + { + "name": "30211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30211" + }, + { + "name": "maiansearch-index-security-bypass(43753)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43753" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3631.json b/2008/3xxx/CVE-2008-3631.json index b0985c5bd6c..9e8295b703e 100644 --- a/2008/3xxx/CVE-2008-3631.json +++ b/2008/3xxx/CVE-2008-3631.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3129", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3129" - }, - { - "name" : "http://support.apple.com/kb/HT3026", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3026" - }, - { - "name" : "APPLE-SA-2008-09-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2008-09-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html" - }, - { - "name" : "31092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31092" - }, 
- { - "name" : "ADV-2008-2558", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2558" - }, - { - "name" : "ADV-2008-2525", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2525" - }, - { - "name" : "1020846", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020846" - }, - { - "name" : "31900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31900" - }, - { - "name" : "31823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2525", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2525" + }, + { + "name": "1020846", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020846" + }, + { + "name": "http://support.apple.com/kb/HT3026", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3026" + }, + { + "name": "http://support.apple.com/kb/HT3129", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3129" + }, + { + "name": "APPLE-SA-2008-09-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html" + }, + { + "name": "31823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31823" + }, + { + "name": "ADV-2008-2558", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2558" + }, + { + "name": "31900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31900" + }, + { + "name": "31092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31092" + }, + { + "name": "APPLE-SA-2008-09-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3794.json b/2008/3xxx/CVE-2008-3794.json index 863cbcae40e..10e1fd5bdf2 100644 --- a/2008/3xxx/CVE-2008-3794.json +++ b/2008/3xxx/CVE-2008-3794.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6293", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6293" - }, - { - "name" : "[oss-security] 20080824 Re: CVE id request: vlc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/24/3" - }, - { - "name" : "[vlc-devel] 20080824 commit: MMS integers handling fixes, including buffer overflow ( Rémi Denis-Courmont )", - "refsource" : "MLIST", - "url" : "http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html" - }, - { - "name" : "http://www.orange-bat.com/adv/2008/adv.08.24.txt", - "refsource" : "MISC", - "url" : 
"http://www.orange-bat.com/adv/2008/adv.08.24.txt" - }, - { - "name" : "GLSA-200809-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200809-06.xml" - }, - { - "name" : "30806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30806" - }, - { - "name" : "oval:org.mitre.oval:def:14531", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531" - }, - { - "name" : "1020759", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020759" - }, - { - "name" : "4190", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4190" - }, - { - "name" : "vlcmediaplayer-memmove-bo(44659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.orange-bat.com/adv/2008/adv.08.24.txt", + "refsource": "MISC", + "url": "http://www.orange-bat.com/adv/2008/adv.08.24.txt" + }, + { + "name": "30806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30806" + }, + { + "name": "oval:org.mitre.oval:def:14531", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531" + }, + { + "name": "[vlc-devel] 20080824 commit: MMS integers handling fixes, including buffer overflow ( R\u00e9mi Denis-Courmont )", + "refsource": "MLIST", + "url": "http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html" + }, + { + "name": "6293", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6293" + }, + { + "name": "vlcmediaplayer-memmove-bo(44659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44659" + }, + { + "name": "1020759", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020759" + }, + { + "name": "4190", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4190" + }, + { + "name": "[oss-security] 20080824 Re: CVE id request: vlc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/24/3" + }, + { + "name": "GLSA-200809-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200809-06.xml" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3873.json b/2008/3xxx/CVE-2008-3873.json index 897d674b119..76e3358c7e8 100644 --- a/2008/3xxx/CVE-2008-3873.json +++ b/2008/3xxx/CVE-2008-3873.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.zdnet.com/security/?p=1733", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=1733" - }, - { - "name" : "http://blogs.zdnet.com/security/?p=1759", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=1759" - }, - { - "name" : "http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html", - "refsource" : "CONFIRM", - "url" : "http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html" - }, - { - "name" : "http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-18.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-18.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=" - }, - { - "name" : "GLSA-200903-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml" - }, - { - "name" : "RHSA-2008:0945", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0945.html" - }, - { - "name" : "RHSA-2008:0980", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0980.html" - }, - { - "name" : "248586", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" - }, - { - "name" : "SUSE-SR:2008:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" - }, - { - "name" : "31117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31117" - }, - { - "name" : "34226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34226" - }, - { - "name" : "ADV-2008-2838", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2838" - }, - { - "name" : "1020724", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020724" - }, - { - "name" 
: "32448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32448" - }, - { - "name" : "32759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32759" - }, - { - "name" : "32702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32702" - }, - { - "name" : "33390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33390" - }, - { - "name" : "adobe-flash-setclipboard-hijacking(44584)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=" + }, + { + "name": "33390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33390" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-18.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-18.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" + }, + { + "name": "32702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32702" + }, + { + "name": "adobe-flash-setclipboard-hijacking(44584)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44584" + }, + { + "name": "http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html" + }, + { + "name": "http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html", + "refsource": "CONFIRM", + "url": "http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html" + }, + { + "name": "34226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34226" + }, + { + "name": "ADV-2008-2838", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2838" + }, + { + "name": "http://blogs.zdnet.com/security/?p=1733", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=1733" + }, + { + "name": "GLSA-200903-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" + }, 
+ { + "name": "1020724", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020724" + }, + { + "name": "32759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32759" + }, + { + "name": "RHSA-2008:0945", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0945.html" + }, + { + "name": "RHSA-2008:0980", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm" + }, + { + "name": "31117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31117" + }, + { + "name": "248586", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" + }, + { + "name": "32448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32448" + }, + { + "name": "SUSE-SR:2008:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" + }, + { + "name": "http://blogs.zdnet.com/security/?p=1759", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=1759" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4178.json b/2008/4xxx/CVE-2008-4178.json index b27e1b482a1..496935455b6 100644 --- a/2008/4xxx/CVE-2008-4178.json +++ b/2008/4xxx/CVE-2008-4178.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6946", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6946" - }, - { - "name" : "6947", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6947" - }, - { - "name" : "6951", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6951" - }, - { - "name" : "6950", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6950" - }, - { - "name" : "http://packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt" - 
}, - { - "name" : "http://packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt" - }, - { - "name" : "http://packetstormsecurity.org/0809-exploits/newdownline-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0809-exploits/newdownline-sql.txt" - }, - { - "name" : "31169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31169" - }, - { - "name" : "ADV-2008-2992", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2992" - }, - { - "name" : "ADV-2008-2994", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2994" - }, - { - "name" : "ADV-2008-2995", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2995" - }, - { - "name" : "31812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31812" - }, - { - "name" : "ADV-2008-2993", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2993" - }, - { - "name" : "downlinegoldmine-tr-sql-injection(45128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6947", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6947" + }, + { + "name": "ADV-2008-2993", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2993" + }, + { + "name": "ADV-2008-2992", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2992" + }, + { + "name": "downlinegoldmine-tr-sql-injection(45128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45128" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt" + }, + { + "name": "31169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31169" + }, + { + "name": "6950", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6950" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt" + }, + { + "name": "6951", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6951" + }, + { + "name": "ADV-2008-2995", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2995" + }, + { + "name": "6946", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6946" + }, + { + "name": "31812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31812" + }, + { + "name": "ADV-2008-2994", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2994" + }, + { + "name": "http://packetstormsecurity.org/0809-exploits/newdownline-sql.txt", + "refsource": "MISC", + "url": 
"http://packetstormsecurity.org/0809-exploits/newdownline-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4609.json b/2008/4xxx/CVE-2008-4609.json index 464dc5dd571..12793c238de 100644 --- a/2008/4xxx/CVE-2008-4609.json +++ b/2008/4xxx/CVE-2008-4609.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dailydave] 20081002 TCP Resource Exhaustion DoS Attack Speculation", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html" - }, - { - "name" : "http://blog.robertlee.name/2008/10/conjecture-speculation.html", - "refsource" : "MISC", - "url" : "http://blog.robertlee.name/2008/10/conjecture-speculation.html" - }, - { - "name" : "http://insecure.org/stf/tcp-dos-attack-explained.html", - "refsource" : "MISC", - "url" : "http://insecure.org/stf/tcp-dos-attack-explained.html" - }, - { - "name" : 
"http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked", - "refsource" : "MISC", - "url" : "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked" - }, - { - "name" : "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf", - "refsource" : "MISC", - "url" : "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf" - }, - { - "name" : "http://www.outpost24.com/news/news-2008-10-02.html", - "refsource" : "MISC", - "url" : "http://www.outpost24.com/news/news-2008-10-02.html" - }, - { - "name" : "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html", - "refsource" : "MISC", - "url" : "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html" - }, - { - "name" : "20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml" - }, - { - "name" : "HPSBMI02473", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125856010926699&w=2" - }, - { - "name" : "SSRT080138", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125856010926699&w=2" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "MS09-048", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048" - }, - { - "name" : "TA09-251A", - 
"refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-251A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6340", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.robertlee.name/2008/10/conjecture-speculation.html", + "refsource": "MISC", + "url": "http://blog.robertlee.name/2008/10/conjecture-speculation.html" + }, + { + "name": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html", + "refsource": "MISC", + "url": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html" + }, + { + "name": "HPSBMI02473", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125856010926699&w=2" + }, + { + "name": "[dailydave] 20081002 TCP Resource Exhaustion DoS Attack Speculation", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html" + }, + { + "name": "http://insecure.org/stf/tcp-dos-attack-explained.html", + "refsource": "MISC", + "url": "http://insecure.org/stf/tcp-dos-attack-explained.html" + }, + { + "name": "http://www.outpost24.com/news/news-2008-10-02.html", + "refsource": "MISC", + "url": "http://www.outpost24.com/news/news-2008-10-02.html" + }, + { + "name": 
"http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf", + "refsource": "MISC", + "url": "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf" + }, + { + "name": "20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml" + }, + { + "name": "TA09-251A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html" + }, + { + "name": "MS09-048", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048" + }, + { + "name": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked", + "refsource": "MISC", + "url": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked" + }, + { + "name": "oval:org.mitre.oval:def:6340", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "SSRT080138", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125856010926699&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4724.json b/2008/4xxx/CVE-2008-4724.json index 2d633bcecc4..3a8e04f83c3 100644 --- a/2008/4xxx/CVE-2008-4724.json +++ b/2008/4xxx/CVE-2008-4724.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "31855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31855" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6011.json b/2008/6xxx/CVE-2008-6011.json index 4d4246aaffc..8af8e535e3e 100644 --- a/2008/6xxx/CVE-2008-6011.json +++ b/2008/6xxx/CVE-2008-6011.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6631", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6631" - }, - { - "name" : "6634", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6634" - }, - { - "name" : "31489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31489" - }, - { - "name" : "sgrealestateportal-index-sql-injection(45568)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via 
the page_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6631", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6631" + }, + { + "name": "31489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31489" + }, + { + "name": "sgrealestateportal-index-sql-injection(45568)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45568" + }, + { + "name": "6634", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6634" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6213.json b/2008/6xxx/CVE-2008-6213.json index 56e902afd98..c95a1731c29 100644 --- a/2008/6xxx/CVE-2008-6213.json +++ b/2008/6xxx/CVE-2008-6213.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081030 harlandscripts Mypage.php Sql Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497946" - }, - { - "name" : "6874", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6874" - }, - { - "name" : "31986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31986" - }, - { - "name" : "32467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32467" - }, - { - "name" : "ADV-2008-2964", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2964" - }, - { - "name" : "protrafficone-mypage-sql-injection(46207)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46207" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31986" + }, + { + "name": "protrafficone-mypage-sql-injection(46207)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46207" + }, + { + "name": "ADV-2008-2964", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2964" + }, + { + "name": "32467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32467" + }, + { + "name": "6874", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6874" + }, + { + "name": "20081030 harlandscripts Mypage.php Sql Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497946" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6245.json b/2008/6xxx/CVE-2008-6245.json index 18da271c319..4ef286f562a 100644 --- a/2008/6xxx/CVE-2008-6245.json +++ b/2008/6xxx/CVE-2008-6245.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6910", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6910" - }, - { - "name" : "32033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32033" - }, - { - "name" : "32552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32552" - }, - { - "name" : "ezbizpro-track-sql-injection(46280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id 
parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ezbizpro-track-sql-injection(46280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46280" + }, + { + "name": "6910", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6910" + }, + { + "name": "32033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32033" + }, + { + "name": "32552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32552" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6344.json b/2008/6xxx/CVE-2008-6344.json index 38e512a0212..3728295b236 100644 --- a/2008/6xxx/CVE-2008-6344.json +++ b/2008/6xxx/CVE-2008-6344.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4" - }, - { - "name" : "32981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4" + }, + { + "name": "32981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32981" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6837.json b/2008/6xxx/CVE-2008-6837.json index 546addd1977..9a28b706fdb 100644 --- a/2008/6xxx/CVE-2008-6837.json +++ b/2008/6xxx/CVE-2008-6837.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/30116/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/30116/exploit" - }, - { - "name" : "30116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30116" - }, - { - "name" : "zoph-login-sql-injection(43693)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL 
commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30116" + }, + { + "name": "http://www.securityfocus.com/bid/30116/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/30116/exploit" + }, + { + "name": "zoph-login-sql-injection(43693)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43693" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6844.json b/2008/6xxx/CVE-2008-6844.json index 9200eea51af..d795a44bbdc 100644 --- a/2008/6xxx/CVE-2008-6844.json +++ b/2008/6xxx/CVE-2008-6844.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7406", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7406" - }, - { - "name" : "http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible", - "refsource" : "CONFIRM", - "url" : "http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible" - }, - { - "name" : "32762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32762" - }, - { - "name" : "52708", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/52708" - }, - { - "name" : "ezpublish-registration-privilege-escalation(47216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ezpublish-registration-privilege-escalation(47216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47216" + }, + { + "name": "52708", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/52708" + }, + { + "name": "32762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32762" + }, + { + "name": "http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible", + "refsource": "CONFIRM", + "url": "http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible" + }, + { + "name": "7406", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7406" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7308.json b/2008/7xxx/CVE-2008-7308.json index d91db27988e..f755a173c2b 100644 --- a/2008/7xxx/CVE-2008-7308.json +++ b/2008/7xxx/CVE-2008-7308.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7308", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7308", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2023.json b/2013/2xxx/CVE-2013-2023.json index c914917f22a..9dff40844c8 100644 --- a/2013/2xxx/CVE-2013-2023.json +++ b/2013/2xxx/CVE-2013-2023.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130421 Vulnerabilities in jPlayer", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Apr/192" - }, - { - "name" : "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=136570964825921&w=2" - }, - { - "name" : "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=136726705917858&w=2" - }, - { - "name" : "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : 
"http://marc.info/?l=oss-security&m=136773622321563&w=2" - }, - { - "name" : "[oss-security] 20130627 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/06/27/7" - }, - { - "name" : "[oss-security] 20130704 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/04/5" - }, - { - "name" : "http://www.jplayer.org/latest/release-notes/", - "refsource" : "CONFIRM", - "url" : "http://www.jplayer.org/latest/release-notes/" - }, - { - "name" : "https://github.com/happyworm/jPlayer/commit/8ccc429598d62eebe9f65a0a4e6fd406a123c8b4", - "refsource" : "CONFIRM", - "url" : "https://github.com/happyworm/jPlayer/commit/8ccc429598d62eebe9f65a0a4e6fd406a123c8b4" - }, - { - "name" : "https://github.com/happyworm/jPlayer/commit/c2417972af1295be8dcc07470b0e3d25b0a77e0b", - "refsource" : "CONFIRM", - "url" : "https://github.com/happyworm/jPlayer/commit/c2417972af1295be8dcc07470b0e3d25b0a77e0b" - }, - { - "name" : "https://github.com/happyworm/jPlayer/issues/162", - "refsource" : "CONFIRM", - "url" : "https://github.com/happyworm/jPlayer/issues/162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/happyworm/jPlayer/commit/8ccc429598d62eebe9f65a0a4e6fd406a123c8b4", + "refsource": "CONFIRM", + "url": "https://github.com/happyworm/jPlayer/commit/8ccc429598d62eebe9f65a0a4e6fd406a123c8b4" + }, + { + "name": "https://github.com/happyworm/jPlayer/commit/c2417972af1295be8dcc07470b0e3d25b0a77e0b", + "refsource": "CONFIRM", + "url": "https://github.com/happyworm/jPlayer/commit/c2417972af1295be8dcc07470b0e3d25b0a77e0b" + }, + { + "name": "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=136773622321563&w=2" + }, + { + "name": "[oss-security] 20130627 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/06/27/7" + }, + { + "name": "https://github.com/happyworm/jPlayer/issues/162", + "refsource": "CONFIRM", + "url": "https://github.com/happyworm/jPlayer/issues/162" + }, + { + "name": "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=136570964825921&w=2" + }, + { + "name": "http://www.jplayer.org/latest/release-notes/", + "refsource": "CONFIRM", + "url": "http://www.jplayer.org/latest/release-notes/" + }, + { + "name": "[oss-security] 20130704 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/04/5" + }, + { + "name": "20130421 Vulnerabilities in jPlayer", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Apr/192" + }, + { + "name": "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=136726705917858&w=2" + } + ] + } +} \ No newline at end of file 
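Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `secalert@redhat.com`, a semantic change that sits among whitespace-only reformatting and reordered references and is not mentioned in the commit subject. The CVE-2013-2696 hunk does the same with `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com"`. Nothing else in either record corroborates the new attribution (`vendor_name` and `product_name` stay `n/a`), so the reassignment should be confirmed against the assigning CNA's own records. Consumers that base triage or trust decisions on `ASSIGNER` should compare parsed JSON rather than text for commits like this one. Keeping `reference_data` in a stable order would also make field changes of this kind stand out in the diff.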
diff --git a/2013/2xxx/CVE-2013-2267.json b/2013/2xxx/CVE-2013-2267.json index 00f8379a523..608e965e5c8 100644 --- a/2013/2xxx/CVE-2013-2267.json +++ b/2013/2xxx/CVE-2013-2267.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2267", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2267", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2696.json b/2013/2xxx/CVE-2013-2696.json index df7a00f6169..6f9c8279337 100644 --- a/2013/2xxx/CVE-2013-2696.json +++ b/2013/2xxx/CVE-2013-2696.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-2696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/extend/plugins/all-in-one-webmaster/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/all-in-one-webmaster/changelog/" - }, - { - "name" : "52877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/extend/plugins/all-in-one-webmaster/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/all-in-one-webmaster/changelog/" + }, + { + "name": "52877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52877" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6269.json b/2013/6xxx/CVE-2013-6269.json index 8786cfd06ad..aff07692940 100644 --- a/2013/6xxx/CVE-2013-6269.json +++ b/2013/6xxx/CVE-2013-6269.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6269", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6269", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6365.json b/2013/6xxx/CVE-2013-6365.json index dd29c16a6e2..3823dffb9ea 100644 --- a/2013/6xxx/CVE-2013-6365.json +++ b/2013/6xxx/CVE-2013-6365.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6508.json b/2013/6xxx/CVE-2013-6508.json index 3385bd34207..f10350796c9 100644 --- a/2013/6xxx/CVE-2013-6508.json +++ b/2013/6xxx/CVE-2013-6508.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6508", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6508", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10092.json b/2017/10xxx/CVE-2017-10092.json index c30a406ae93..ccb94a8d10b 100644 --- a/2017/10xxx/CVE-2017-10092.json +++ b/2017/10xxx/CVE-2017-10092.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Agile PLM Framework", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.3.5" - }, - { - "version_affected" : "=", - "version_value" : "9.3.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Agile PLM Framework", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.3.5" + }, + { + "version_affected": "=", + "version_value": "9.3.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99677" - }, - { - "name" : "1038947", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038947", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038947" + }, + { + "name": "99677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99677" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14337.json b/2017/14xxx/CVE-2017-14337.json index 02578fdaf26..fadcd12dc51 100644 --- a/2017/14xxx/CVE-2017-14337.json +++ b/2017/14xxx/CVE-2017-14337.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9", - "refsource" : "CONFIRM", - "url" : "https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9" - }, - { - "name" : "https://www.circl.lu/advisory/CVE-2017-14337/", - "refsource" : "CONFIRM", - "url" : "https://www.circl.lu/advisory/CVE-2017-14337/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When MISP before 2.4.80 is configured with X.509 certificate authentication 
(CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9", + "refsource": "CONFIRM", + "url": "https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9" + }, + { + "name": "https://www.circl.lu/advisory/CVE-2017-14337/", + "refsource": "CONFIRM", + "url": "https://www.circl.lu/advisory/CVE-2017-14337/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14718.json b/2017/14xxx/CVE-2017-14718.json index 09c983698ea..bd9fab1f324 100644 --- a/2017/14xxx/CVE-2017-14718.json +++ b/2017/14xxx/CVE-2017-14718.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://core.trac.wordpress.org/changeset/41393", - "refsource" : "MISC", - "url" : "https://core.trac.wordpress.org/changeset/41393" - }, - { - "name" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/", - "refsource" : "MISC", - "url" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/" - }, - { - "name" : "DSA-3997", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3997" - }, - { - "name" : "100912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100912" - }, - { - "name" : "1039553", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3997", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3997" + }, + { + "name": "100912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100912" + }, + { + "name": "https://core.trac.wordpress.org/changeset/41393", + "refsource": "MISC", + "url": "https://core.trac.wordpress.org/changeset/41393" + }, + { + "name": "1039553", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039553" + }, + { + "name": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/", + "refsource": "MISC", + "url": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14719.json b/2017/14xxx/CVE-2017-14719.json index f46110704c5..6821dc4a300 100644 --- a/2017/14xxx/CVE-2017-14719.json +++ b/2017/14xxx/CVE-2017-14719.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://core.trac.wordpress.org/changeset/41457", - "refsource" : "MISC", - "url" : "https://core.trac.wordpress.org/changeset/41457" - }, - { - "name" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/", - "refsource" : "MISC", - "url" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8911", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8911" - }, - { - "name" : "DSA-3997", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3997" - }, - { - "name" : "100912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100912" - }, - { - "name" : "1039553", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id/1039553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3997", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3997" + }, + { + "name": "100912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100912" + }, + { + "name": "1039553", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039553" + }, + { + "name": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/", + "refsource": "MISC", + "url": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8911", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8911" + }, + { + "name": "https://core.trac.wordpress.org/changeset/41457", + "refsource": "MISC", + "url": "https://core.trac.wordpress.org/changeset/41457" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15165.json b/2017/15xxx/CVE-2017-15165.json index b3258c8a6e4..0670bd6673b 100644 --- a/2017/15xxx/CVE-2017-15165.json +++ b/2017/15xxx/CVE-2017-15165.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15165", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15165", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15200.json b/2017/15xxx/CVE-2017-15200.json index 731fc5d889a..16471d8e1f1 100644 --- a/2017/15xxx/CVE-2017-15200.json +++ b/2017/15xxx/CVE-2017-15200.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/10/04/9", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/10/04/9" - }, - { - "name" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", - "refsource" : "MISC", - "url" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" - }, - { - "name" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", - "refsource" : "MISC", - "url" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" - }, - { - "name" : "https://kanboard.net/news/version-1.0.47", - "refsource" : "MISC", - "url" : "https://kanboard.net/news/version-1.0.47" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", + "refsource": "MISC", + "url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/10/04/9", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/10/04/9" + }, + { + "name": "https://kanboard.net/news/version-1.0.47", + "refsource": "MISC", + "url": "https://kanboard.net/news/version-1.0.47" + }, + { + "name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", + "refsource": "MISC", + "url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15206.json b/2017/15xxx/CVE-2017-15206.json index 0f5e0a95023..625203651db 100644 --- a/2017/15xxx/CVE-2017-15206.json +++ b/2017/15xxx/CVE-2017-15206.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/10/04/9", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/10/04/9" - }, - { - "name" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", - "refsource" : "MISC", - "url" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" - }, - { - "name" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", - "refsource" : "MISC", - "url" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" - }, - { - "name" : "https://kanboard.net/news/version-1.0.47", - "refsource" : "MISC", - "url" : "https://kanboard.net/news/version-1.0.47" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", + "refsource": "MISC", + "url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/10/04/9", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/10/04/9" + }, + { + "name": "https://kanboard.net/news/version-1.0.47", + "refsource": "MISC", + "url": "https://kanboard.net/news/version-1.0.47" + }, + { + "name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", + "refsource": "MISC", + "url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15272.json b/2017/15xxx/CVE-2017-15272.json index f63bc96c90f..4cc82143ad2 100644 --- a/2017/15xxx/CVE-2017-15272.json +++ b/2017/15xxx/CVE-2017-15272.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password \"ITsILLEGAL\"; however, this password is not required to extract the data. Cleartext is used for a user password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20171110 Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541518/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html" - }, - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/", - "refsource" : "MISC", - "url" : 
"https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password \"ITsILLEGAL\"; however, this password is not required to extract the data. Cleartext is used for a user password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html" + }, + { + "name": "20171110 Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541518/100/0/threaded" + }, + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15525.json b/2017/15xxx/CVE-2017-15525.json index 7500f182242..8a3ca6e124a 100644 --- a/2017/15xxx/CVE-2017-15525.json +++ b/2017/15xxx/CVE-2017-15525.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2017-11-13T00:00:00", - "ID" : "CVE-2017-15525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Symantec Endpoint Encryption", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to SEE v11.1.3MP1" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2017-11-13T00:00:00", + "ID": "CVE-2017-15525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Encryption", + "version": { + "version_data": [ + { + "version_value": "Prior to SEE v11.1.3MP1" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00" - }, - { - "name" : "101697", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101697" + }, + { + "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9090.json b/2017/9xxx/CVE-2017-9090.json index 30d6395f88a..1c780757afb 100644 --- a/2017/9xxx/CVE-2017-9090.json +++ b/2017/9xxx/CVE-2017-9090.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/s3131212/allendisk/issues/25", - "refsource" : "CONFIRM", - "url" : "https://github.com/s3131212/allendisk/issues/25" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/s3131212/allendisk/issues/25", + "refsource": "CONFIRM", + "url": "https://github.com/s3131212/allendisk/issues/25" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9226.json b/2017/9xxx/CVE-2017-9226.json index 30c2912a484..e96aab51fa0 100644 --- a/2017/9xxx/CVE-2017-9226.json +++ b/2017/9xxx/CVE-2017-9226.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a", - "refsource" : "CONFIRM", - "url" : "https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a" - }, - { - "name" : "https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6", - "refsource" : "CONFIRM", - "url" : "https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6" - }, - { - "name" : "https://github.com/kkos/oniguruma/issues/55", - "refsource" : "CONFIRM", - "url" : "https://github.com/kkos/oniguruma/issues/55" - }, - { - "name" : "RHSA-2018:1296", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1296" - }, - { - "name" : "101244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). 
A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kkos/oniguruma/issues/55", + "refsource": "CONFIRM", + "url": "https://github.com/kkos/oniguruma/issues/55" + }, + { + "name": "RHSA-2018:1296", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1296" + }, + { + "name": "https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6", + "refsource": "CONFIRM", + "url": "https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6" + }, + { + "name": "https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a", + "refsource": "CONFIRM", + "url": "https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a" + }, + { + "name": "101244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101244" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9297.json b/2017/9xxx/CVE-2017-9297.json index cd79d8e4e23..a6f9d7c3ecb 100644 --- a/2017/9xxx/CVE-2017-9297.json +++ b/2017/9xxx/CVE-2017-9297.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/" - }, - { - "name" : "98775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98775" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9591.json b/2017/9xxx/CVE-2017-9591.json index 8be05877295..583818969ff 100644 --- a/2017/9xxx/CVE-2017-9591.json +++ b/2017/9xxx/CVE-2017-9591.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"PCB Mobile\" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"PCB Mobile\" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain 
sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9619.json b/2017/9xxx/CVE-2017-9619.json index aeeea36cff0..3d7fbcdc909 100644 --- a/2017/9xxx/CVE-2017-9619.json +++ b/2017/9xxx/CVE-2017-9619.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=698042", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698042" - }, - { - "name" : "GLSA-201811-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-12" - }, - { - "name" : "99988", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201811-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-12" + }, + { + "name": "99988", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99988" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=698042", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698042" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9916.json b/2017/9xxx/CVE-2017-9916.json index 7721b0cc3e2..8571da88a4c 100644 --- a/2017/9xxx/CVE-2017-9916.json +++ b/2017/9xxx/CVE-2017-9916.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlFreeHandle+0x00000000000001b6.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9916", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to \"Data from Faulting Address controls Branch Selection starting at 
ntdll_77df0000!RtlFreeHandle+0x00000000000001b6.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9916", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9916" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0070.json b/2018/0xxx/CVE-2018-0070.json index 879f3c75eba..d807ac392b2 100644 --- a/2018/0xxx/CVE-2018-0070.json +++ b/2018/0xxx/CVE-2018-0070.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0070", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0070", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0576.json b/2018/0xxx/CVE-2018-0576.json index f018f07675d..447e5dc9192 100644 --- a/2018/0xxx/CVE-2018-0576.json +++ b/2018/0xxx/CVE-2018-0576.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Events Manager", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 5.9" - } - ] - } - } - ] - }, - "vendor_name" : "NetWebLogic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Events Manager", + "version": { + "version_data": [ + { + "version_value": "prior to version 5.9" + } + ] + } + } + ] + }, + "vendor_name": "NetWebLogic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/events-manager/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/events-manager/#developers" - }, - { - "name" : "JVN#85531148", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN85531148/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/events-manager/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/events-manager/#developers" + }, + { + "name": "JVN#85531148", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN85531148/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0630.json b/2018/0xxx/CVE-2018-0630.json index 7145ae97986..5ce3776672b 100644 --- a/2018/0xxx/CVE-2018-0630.json +++ b/2018/0xxx/CVE-2018-0630.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Aterm W300P", - "version" : { - "version_data" : [ - { - "version_value" : "Ver1.0.13 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "NEC Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm W300P", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.13 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html", - "refsource" : "MISC", - "url" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html" - }, - { - "name" : "JVN#26629618", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN26629618/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html", + "refsource": "MISC", + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "name": "JVN#26629618", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN26629618/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0879.json b/2018/0xxx/CVE-2018-0879.json index 04c9cfd81b9..73b86b3b78f 100644 --- a/2018/0xxx/CVE-2018-0879.json +++ b/2018/0xxx/CVE-2018-0879.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0879", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0879" - }, - { - "name" : "103303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103303" - }, - { - "name" : "1040507", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103303" + }, + { + "name": "1040507", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040507" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0879", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0879" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000108.json b/2018/1000xxx/CVE-2018-1000108.json index 5092dd58ff5..8a25796c9da 100644 --- a/2018/1000xxx/CVE-2018-1000108.json +++ b/2018/1000xxx/CVE-2018-1000108.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-02-26", - "ID" : "CVE-2018-1000108", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins CppNCSS Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.1 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-02-26", + "ID": "CVE-2018-1000108", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-712", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow 
an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-712", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-712" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000612.json b/2018/1000xxx/CVE-2018-1000612.json index 676021e90cf..991f9b36af0 100644 --- a/2018/1000xxx/CVE-2018-1000612.json +++ b/2018/1000xxx/CVE-2018-1000612.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1000612", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12230. Reason: This candidate is a reservation duplicate of CVE-2018-12230. Notes: All CVE users should reference CVE-2018-12230 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1000612", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12230. Reason: This candidate is a reservation duplicate of CVE-2018-12230. Notes: All CVE users should reference CVE-2018-12230 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file 
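Review bot: In the CVE-2018-1000108.json hunk the new side replaces populated fields with placeholders: `product_name`, `version_value` and `vendor_name` go from "Jenkins CppNCSS Plugin" / "1.1 and older" / "Jenkins project" to `"n/a"`, the `problemtype` value goes from `"CWE-79"` to `"n/a"`, and `ASSIGNER` changes from the DWF address to `cve@mitre.org`, while the description still names the plugin and version. Scanners and triage tooling that match on the structured `affects` and `problemtype` fields rather than on the free-text description would presumably stop matching this record. The CVE-2018-1000860.json hunk further down does the same for phpipam ("1.3.2 and earlier", "Cross Site Scripting (XSS)"). Unless the sync is meant to normalise these records, I would keep the old values, e.g. `"product_name": "Jenkins CppNCSS Plugin"`, `"version_value": "1.1 and older"` and `"value": "CWE-79"`; if it is intentional, the commit message, which currently reads only "-Synchronized-Data.", should say so.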
diff --git a/2018/1000xxx/CVE-2018-1000860.json b/2018/1000xxx/CVE-2018-1000860.json index 0c4c9f34d3c..42259e09976 100644 --- a/2018/1000xxx/CVE-2018-1000860.json +++ b/2018/1000xxx/CVE-2018-1000860.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-12-05T14:18:48.097031", - "DATE_REQUESTED" : "2018-11-29T17:16:48", - "ID" : "CVE-2018-1000860", - "REQUESTER" : "Disgruntled3lf@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "phpipam", - "version" : { - "version_data" : [ - { - "version_value" : "1.3.2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "phpipam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain.." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-12-05T14:18:48.097031", + "DATE_REQUESTED": "2018-11-29T17:16:48", + "ID": "CVE-2018-1000860", + "REQUESTER": "Disgruntled3lf@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/phpipam/phpipam/issues/2338", - "refsource" : "MISC", - "url" : "https://github.com/phpipam/phpipam/issues/2338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain.." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/phpipam/phpipam/issues/2338", + "refsource": "MISC", + "url": "https://github.com/phpipam/phpipam/issues/2338" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12113.json b/2018/12xxx/CVE-2018-12113.json index 5de2fdb1b65..f9bcce27349 100644 
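Review bot: The new side of CVE-2018-1000860.json overwrites the structured `product_name`, `vendor_name`, `version_value` and problemtype `value` with `n/a`. The affected product (phpipam, 1.3.2 and earlier) and the XSS classification now survive only in the free-text description, so tooling that matches on the `affects` tree will stop associating this record with phpipam. If the sync is not meant to discard that data, keep `"product_name": "phpipam"`, `"version_value": "1.3.2 and earlier"` and `"value": "Cross Site Scripting (XSS)"`. The description also still carries unfilled template wording ("vulnerability in The value of ...", "This attack appear to be exploitable via Needs to be chained ..."), which could be reworded in the same record.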
--- a/2018/12xxx/CVE-2018-12113.json +++ b/2018/12xxx/CVE-2018-12113.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/148383/Core-FTP-LE-2.2-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148383/Core-FTP-LE-2.2-Buffer-Overflow.html" - }, - { - "name" : "https://gist.github.com/berkgoksel/a654c8cb661c7a27a3f763dee92016aa", - "refsource" : "MISC", - "url" : "https://gist.github.com/berkgoksel/a654c8cb661c7a27a3f763dee92016aa" - }, - { - "name" : "https://gist.github.com/berkgoksel/e97b3f3b15e2f8293f649d4ebe6a6fc9", - "refsource" : "MISC", - "url" : "https://gist.github.com/berkgoksel/e97b3f3b15e2f8293f649d4ebe6a6fc9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Core FTP LE 
version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/berkgoksel/e97b3f3b15e2f8293f649d4ebe6a6fc9", + "refsource": "MISC", + "url": "https://gist.github.com/berkgoksel/e97b3f3b15e2f8293f649d4ebe6a6fc9" + }, + { + "name": "https://gist.github.com/berkgoksel/a654c8cb661c7a27a3f763dee92016aa", + "refsource": "MISC", + "url": "https://gist.github.com/berkgoksel/a654c8cb661c7a27a3f763dee92016aa" + }, + { + "name": "http://packetstormsecurity.com/files/148383/Core-FTP-LE-2.2-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148383/Core-FTP-LE-2.2-Buffer-Overflow.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12258.json b/2018/12xxx/CVE-2018-12258.json index 6abcc1f5a3f..847850fdfb7 100644 --- a/2018/12xxx/CVE-2018-12258.json +++ b/2018/12xxx/CVE-2018-12258.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf", - "refsource" : "MISC", - "url" : "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf", + "refsource": "MISC", + "url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12474.json b/2018/12xxx/CVE-2018-12474.json index f11b8be341e..a5e8957b404 100644 --- a/2018/12xxx/CVE-2018-12474.json +++ b/2018/12xxx/CVE-2018-12474.json 
@@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.de", - "DATE_PUBLIC" : "2018-09-26T00:00:00.000Z", - "ID" : "CVE-2018-12474", - "STATE" : "PUBLIC", - "TITLE" : "Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Open Build Service", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "51a17c553b6ae2598820b7a90fd0c11502a49106" - } - ] - } - } - ] - }, - "vendor_name" : "openSUSE" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Matthias Gerstner of SUSE" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20: Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-09-26T00:00:00.000Z", + "ID": "CVE-2018-12474", + "STATE": "PUBLIC", + "TITLE": "Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Open Build Service", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "51a17c553b6ae2598820b7a90fd0c11502a49106" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1107507", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1107507" - }, - { - "name" : "https://github.com/openSUSE/obs-service-tar_scm/pull/254", - "refsource" : "CONFIRM", - "url" : "https://github.com/openSUSE/obs-service-tar_scm/pull/254" - } - ] - }, - "source" : { - "advisory" : "https://bugzilla.suse.com/show_bug.cgi?id=1107507", - "defect" : [ - "https://bugzilla.suse.com/show_bug.cgi?id=1107507" - ], - "discovery" : "INTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Matthias Gerstner of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation in 
obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/openSUSE/obs-service-tar_scm/pull/254", + "refsource": "CONFIRM", + "url": "https://github.com/openSUSE/obs-service-tar_scm/pull/254" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1107507", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1107507" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1107507", + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1107507" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12961.json b/2018/12xxx/CVE-2018-12961.json index 63380074aef..86206a9f824 100644 --- a/2018/12xxx/CVE-2018-12961.json +++ b/2018/12xxx/CVE-2018-12961.json 
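Review bot: `version_data` in CVE-2018-12474.json pairs `"affected": "<"` with a commit hash as `version_value`. Commit hashes have no ordering, so a consumer cannot evaluate "less than" without walking the repository history. If a released version containing the fix exists, giving it as the bound would make the range machine-checkable; otherwise the hash reads better as a fix reference than as a version limit. The description's "allows remote attackers to cause access and extract information" also looks like it is missing a word.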
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12961", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12961", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16138.json b/2018/16xxx/CVE-2018-16138.json index 57638e19cf5..1007426e455 100644 --- a/2018/16xxx/CVE-2018-16138.json +++ b/2018/16xxx/CVE-2018-16138.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16218.json b/2018/16xxx/CVE-2018-16218.json index d918dd7dd81..87942d1f3fe 100644 --- a/2018/16xxx/CVE-2018-16218.json +++ b/2018/16xxx/CVE-2018-16218.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16218", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16218", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16380.json b/2018/16xxx/CVE-2018-16380.json index c2d247e1aee..e4d86879712 100644 --- a/2018/16xxx/CVE-2018-16380.json +++ b/2018/16xxx/CVE-2018-16380.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/n00dles/ogma-CMS/issues/39", - "refsource" : "MISC", - "url" : "https://github.com/n00dles/ogma-CMS/issues/39" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/n00dles/ogma-CMS/issues/39", + "refsource": "MISC", + "url": "https://github.com/n00dles/ogma-CMS/issues/39" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16487.json b/2018/16xxx/CVE-2018-16487.json index ccb2196bc7e..48607aaca9b 100644 --- a/2018/16xxx/CVE-2018-16487.json +++ b/2018/16xxx/CVE-2018-16487.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-16487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "lodash", - "version" : { - "version_data" : [ - { - "version_value" : "<4.7.11" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-16487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "lodash", + "version": { + "version_data": [ + { + "version_value": "<4.7.11" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/380873", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/380873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/380873", + "refsource": "MISC", + "url": "https://hackerone.com/reports/380873" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16585.json b/2018/16xxx/CVE-2018-16585.json index 3395a8ec0c5..9d353ae2f3f 100644 --- a/2018/16xxx/CVE-2018-16585.json +++ b/2018/16xxx/CVE-2018-16585.json 
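Review bot: In CVE-2018-16487.json the structured `"version_value": "<4.7.11"` disagrees with the description, which says lodash <4.17.11. If the description is right, scanners that match on `version_value` will treat 4.7.11 up to (but not including) 4.17.11 as unaffected; the field should read `"version_value": "<4.17.11"`. Two other fields look inconsistent with the description: the problemtype is "Denial of Service (CWE-400)" although the text describes prototype pollution, and `vendor_name` is "HackerOne", which appears to be the assigner rather than the vendor of lodash.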
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be", - "refsource" : "MISC", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be" - }, - { - "name" : 
"http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22", - "refsource" : "MISC", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22" - }, - { - "name" : "https://seclists.org/oss-sec/2018/q3/182", - "refsource" : "MISC", - "url" : "https://seclists.org/oss-sec/2018/q3/182" - }, - { - "name" : "DSA-4288", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4288" - }, - { - "name" : "GLSA-201811-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-12" - }, - { - "name" : "USN-3768-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3768-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201811-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-12" + }, + { + "name": "USN-3768-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3768-1/" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be", + "refsource": "MISC", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be" + }, + { + "name": "DSA-4288", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4288" + }, + { + "name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22", + "refsource": "MISC", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22" + }, + { + "name": "https://seclists.org/oss-sec/2018/q3/182", + "refsource": "MISC", + "url": "https://seclists.org/oss-sec/2018/q3/182" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16926.json b/2018/16xxx/CVE-2018-16926.json index 65d0faadc01..a320d4b9408 100644 --- a/2018/16xxx/CVE-2018-16926.json +++ b/2018/16xxx/CVE-2018-16926.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16926", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16926", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4045.json b/2018/4xxx/CVE-2018-4045.json index 8e7dd324e9a..3c9474cf6ca 100644 --- a/2018/4xxx/CVE-2018-4045.json +++ b/2018/4xxx/CVE-2018-4045.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2018-4045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Clean My Mac", - "version" : { - "version_data" : [ - { - "version_value" : "Clean My Mac X 4.04" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2018-4045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Clean My Mac", + "version": { + "version_data": [ + { + "version_value": "Clean My Mac X 4.04" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0719", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0719", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0719" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4254.json b/2018/4xxx/CVE-2018-4254.json index 2a4e2597897..e0a94631ed3 100644 --- a/2018/4xxx/CVE-2018-4254.json +++ b/2018/4xxx/CVE-2018-4254.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2018-4254",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2018-4254",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT208849",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208849"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.apple.com/HT208849",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208849"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4529.json b/2018/4xxx/CVE-2018-4529.json
index b5ce110732b..4087d0d55f2 100644
--- a/2018/4xxx/CVE-2018-4529.json
+++ b/2018/4xxx/CVE-2018-4529.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4529",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4529",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4670.json b/2018/4xxx/CVE-2018-4670.json
index a7fa2322238..2d48f7119cc 100644
--- a/2018/4xxx/CVE-2018-4670.json
+++ b/2018/4xxx/CVE-2018-4670.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4670",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4670",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4740.json b/2018/4xxx/CVE-2018-4740.json
index 0a196b6f11e..3d6445b04c0 100644
--- a/2018/4xxx/CVE-2018-4740.json
+++ b/2018/4xxx/CVE-2018-4740.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4740",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4740",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file