From 8bc591d1666d01bf51294787de5aba93e9d1d740 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 23:45:49 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2004/1xxx/CVE-2004-1096.json | 180 +++++++--------
 2004/1xxx/CVE-2004-1970.json | 140 ++++++------
 2008/0xxx/CVE-2008-0242.json | 190 ++++++++--------
 2008/0xxx/CVE-2008-0619.json | 170 +++++++-------
 2008/0xxx/CVE-2008-0734.json | 140 ++++++------
 2008/3xxx/CVE-2008-3312.json | 140 ++++++------
 2008/3xxx/CVE-2008-3385.json | 160 ++++++-------
 2008/3xxx/CVE-2008-3916.json | 350 ++++++++++++++---------------
 2008/4xxx/CVE-2008-4147.json | 160 ++++++-------
 2008/4xxx/CVE-2008-4574.json | 160 ++++++-------
 2013/2xxx/CVE-2013-2242.json | 130 +++++------
 2013/2xxx/CVE-2013-2287.json | 130 +++++------
 2013/2xxx/CVE-2013-2318.json | 140 ++++++------
 2013/2xxx/CVE-2013-2326.json | 140 ++++++------
 2013/2xxx/CVE-2013-2352.json | 140 ++++++------
 2013/2xxx/CVE-2013-2735.json | 160 ++++++-------
 2013/6xxx/CVE-2013-6173.json | 160 ++++++-------
 2013/6xxx/CVE-2013-6611.json | 34 +--
 2013/7xxx/CVE-2013-7276.json | 150 ++++++-------
 2017/10xxx/CVE-2017-10426.json | 142 ++++++------
 2017/10xxx/CVE-2017-10988.json | 34 +--
 2017/14xxx/CVE-2017-14068.json | 34 +--
 2017/14xxx/CVE-2017-14105.json | 120 +++++-----
 2017/14xxx/CVE-2017-14458.json | 142 ++++++------
 2017/14xxx/CVE-2017-14535.json | 150 ++++++-------
 2017/14xxx/CVE-2017-14709.json | 120 +++++-----
 2017/14xxx/CVE-2017-14849.json | 140 ++++++------
 2017/15xxx/CVE-2017-15276.json | 140 ++++++------
 2017/15xxx/CVE-2017-15533.json | 150 ++++++-------
 2017/15xxx/CVE-2017-15559.json | 34 +--
 2017/15xxx/CVE-2017-15701.json | 152 ++++++-------
 2017/17xxx/CVE-2017-17582.json | 130 +++++------
 2017/9xxx/CVE-2017-9036.json | 160 ++++++-------
 2017/9xxx/CVE-2017-9929.json | 130 +++++------
 2018/0xxx/CVE-2018-0042.json | 120 +++++-----
 2018/0xxx/CVE-2018-0219.json | 140 ++++++------
 2018/0xxx/CVE-2018-0353.json | 140 ++++++------
 2018/0xxx/CVE-2018-0710.json | 172 +++++++-------
 2018/0xxx/CVE-2018-0733.json | 260 ++++++++++-----------
 2018/1000xxx/CVE-2018-1000008.json | 134 +++++------
 2018/1000xxx/CVE-2018-1000165.json | 136 +++++------
 2018/1000xxx/CVE-2018-1000556.json | 126 +++++------
 2018/1000xxx/CVE-2018-1000801.json | 166 +++++++-------
 2018/16xxx/CVE-2018-16447.json | 130 +++++------
 2018/19xxx/CVE-2018-19266.json | 34 +--
 2018/19xxx/CVE-2018-19571.json | 34 +--
 2018/19xxx/CVE-2018-19897.json | 120 +++++-----
 2018/4xxx/CVE-2018-4099.json | 34 +--
 2018/4xxx/CVE-2018-4213.json | 180 +++++++--------
 2018/4xxx/CVE-2018-4339.json | 34 +--
 2018/4xxx/CVE-2018-4757.json | 34 +--
 51 files changed, 3373 insertions(+), 3373 deletions(-)
diff --git a/2004/1xxx/CVE-2004-1096.json b/2004/1xxx/CVE-2004-1096.json
index 2d3478671a4..c3810685cc8 100644
--- a/2004/1xxx/CVE-2004-1096.json
+++ b/2004/1xxx/CVE-2004-1096.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200410-31", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml" - }, - { - "name" : "MDKSA-2004:118", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:118" - }, - { - "name" : "20041018 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true" - }, - { - "name" : "VU#492545", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/492545" - }, - { - "name" : "13038", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13038/" - }, - { - "name" : "11448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11448" - }, - { - "name" : "antivirus-zip-protection-bypass(17761)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13038/" + }, + { + "name": "MDKSA-2004:118", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:118" + }, + { + "name": "antivirus-zip-protection-bypass(17761)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17761" + }, + { + "name": "VU#492545", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/492545" + }, + { + "name": "11448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11448" + }, + { + "name": "20041018 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true" + }, + { + "name": "GLSA-200410-31", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/1xxx/CVE-2004-1970.json b/2004/1xxx/CVE-2004-1970.json
index 203b43f48be..95cd49723fb 100644
--- a/2004/1xxx/CVE-2004-1970.json
+++ b/2004/1xxx/CVE-2004-1970.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040426 Samsung SmartEther SS6215S Switch", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108300407424571&w=2" - }, - { - "name" : "10219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10219" - }, - { - "name" : "samsung-smartether-admin-access(15973)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samsung SmartEther SS6215S switch, and possibly other Samsung 
switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10219" + }, + { + "name": "samsung-smartether-admin-access(15973)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15973" + }, + { + "name": "20040426 Samsung SmartEther SS6215S Switch", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108300407424571&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0242.json b/2008/0xxx/CVE-2008-0242.json index 013cb7ffecd..35a2d27cd71 100644 --- a/2008/0xxx/CVE-2008-0242.json +++ b/2008/0xxx/CVE-2008-0242.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "103165", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103165-1" - }, - { - "name" : "200641", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200641-1" - }, - { - "name" : "27253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27253" - }, - { - "name" : "ADV-2008-0131", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0131" - }, - { - "name" : "oval:org.mitre.oval:def:5211", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5211" - }, - { - "name" : "1019187", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1019187" - }, - { - "name" : "28493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28493" - }, - { - "name" : "solaris-libdevinfo-privilege-escalation(39629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5211", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5211" + }, + { + "name": "103165", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103165-1" + }, + { + "name": "200641", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200641-1" + }, + { + "name": "28493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28493" + }, + { + "name": "ADV-2008-0131", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0131" + }, + { + "name": "1019187", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019187" + }, + { + "name": "solaris-libdevinfo-privilege-escalation(39629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39629" + }, + { + "name": "27253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27253" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/0xxx/CVE-2008-0619.json b/2008/0xxx/CVE-2008-0619.json
index 322776c4847..5087a96bdcc 100644
--- a/2008/0xxx/CVE-2008-0619.json
+++ b/2008/0xxx/CVE-2008-0619.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080205 NERO Media Player <= 1.4.0.35b Remote Buffer Overflow( .M3U)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487578/100/0/threaded" - }, - { - "name" : "5063", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5063" - }, - { - "name" : "27615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27615" - }, - { - "name" : "ADV-2008-0405", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0405" - }, - { - "name" : "28765", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28765" - }, - { - "name" : "3616", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/3616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28765", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28765" + }, + { + "name": "27615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27615" + }, + { + "name": "3616", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3616" + }, + { + "name": "5063", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5063" + }, + { + "name": "20080205 NERO Media Player <= 1.4.0.35b Remote Buffer Overflow( .M3U)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487578/100/0/threaded" + }, + { + "name": "ADV-2008-0405", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0405" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0734.json b/2008/0xxx/CVE-2008-0734.json index 96493ffc842..39a3eaa2aac 100644 --- a/2008/0xxx/CVE-2008-0734.json +++ b/2008/0xxx/CVE-2008-0734.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5088", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5088" - }, - { - "name" : "27710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27710" - }, - { - "name" : "limbo-admin-sql-injection(40415)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5088", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5088" + }, + { + "name": "27710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27710" + }, + { + "name": "limbo-admin-sql-injection(40415)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40415" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3312.json b/2008/3xxx/CVE-2008-3312.json index ceaaecabd19..8624b969311 100644 --- a/2008/3xxx/CVE-2008-3312.json +++ b/2008/3xxx/CVE-2008-3312.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be an issue in FCKeditor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/30285/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/30285/exploit" - }, - { - "name" : "30285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30285" - }, - { - "name" : "lemoncms-browser-file-include(43907)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be an issue in FCKeditor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lemoncms-browser-file-include(43907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43907" + }, + { + "name": "http://www.securityfocus.com/bid/30285/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/30285/exploit" + }, + { + "name": "30285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30285" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3385.json b/2008/3xxx/CVE-2008-3385.json index 291f39729c5..a62a1aed394 100644 --- a/2008/3xxx/CVE-2008-3385.json +++ b/2008/3xxx/CVE-2008-3385.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6080", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6080" - }, - { - "name" : "30240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30240" - }, - { - "name" : "31099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31099" - }, - { - "name" : "4074", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4074" - }, - { - "name" : "phphelpagent-headchat-file-include(43833)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43833" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6080", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6080" + }, + { + "name": "30240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30240" + }, + { + "name": "4074", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4074" + }, + { + "name": "phphelpagent-headchat-file-include(43833)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43833" + }, + { + "name": "31099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31099" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3916.json b/2008/3xxx/CVE-2008-3916.json index 7458561654d..1363ee3ec72 100644 --- a/2008/3xxx/CVE-2008-3916.json +++ b/2008/3xxx/CVE-2008-3916.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090227 VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501298/100/0/threaded" - }, - { - "name" : "[bug-ed] 20080821 Version 1.0 of GNU ed released", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html" - }, - { - "name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" - 
}, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0003.html" - }, - { - "name" : "FEDORA-2008-9236", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html" - }, - { - "name" : "FEDORA-2008-9263", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html" - }, - { - "name" : "GLSA-200809-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200809-15.xml" - }, - { - "name" : "MDVSA-2008:200", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:200" - }, - { - "name" : "RHSA-2008:0946", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0946.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "30815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30815" - }, - { - "name" : "oval:org.mitre.oval:def:10678", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10678" - }, - { - "name" : "38794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38794" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2008-2642", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2642" - }, - { - "name" : "1020734", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020734" - }, - { - "name" : 
"32460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32460" - }, - { - "name" : "33005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33005" - }, - { - "name" : "32349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32349" - }, - { - "name" : "ADV-2008-3347", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3347" - }, - { - "name" : "ADV-2010-0528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0528" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "gnued-stripescapes-bo(44643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2008-3347", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3347" + }, + { + "name": "oval:org.mitre.oval:def:10678", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10678" + }, + { + "name": "RHSA-2008:0946", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0946.html" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "38794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38794" + }, + { + "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" + }, + { + "name": "30815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30815" + }, + { + "name": "FEDORA-2008-9263", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm" + }, + { + "name": "gnued-stripescapes-bo(44643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44643" + }, + { + "name": "ADV-2008-2642", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2642" + }, + { + "name": "FEDORA-2008-9236", + "refsource": "FEDORA", + "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html" + }, + { + "name": "[bug-ed] 20080821 Version 1.0 of GNU ed released", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html" + }, + { + "name": "MDVSA-2008:200", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:200" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html" + }, + { + "name": "33005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33005" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "1020734", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020734" + }, + { + "name": "20090227 VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501298/100/0/threaded" + }, + { + "name": "32349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32349" + }, + { + "name": "GLSA-200809-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200809-15.xml" + }, + { + "name": "32460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32460" + }, + { + "name": "ADV-2010-0528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0528" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4147.json b/2008/4xxx/CVE-2008-4147.json index 56dea37c099..507d4a1e7f6 100644 --- a/2008/4xxx/CVE-2008-4147.json +++ b/2008/4xxx/CVE-2008-4147.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/309802", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/309802" - }, - { - "name" : "31232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31232" - }, - { - "name" : "31889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31889" - }, - { - "name" : "ADV-2008-2617", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2617" - }, - { - "name" : "mailsave-mimetype-xss(45212)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/309802", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/309802" + }, + { + "name": "31232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31232" + }, + { + "name": "31889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31889" + }, + { + "name": "ADV-2008-2617", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2617" + }, + { + "name": "mailsave-mimetype-xss(45212)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45212" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4574.json b/2008/4xxx/CVE-2008-4574.json index 6563cdbc095..d81d08c818a 100644 --- a/2008/4xxx/CVE-2008-4574.json +++ b/2008/4xxx/CVE-2008-4574.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6720", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6720" - }, - { - "name" : "31704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31704" - }, - { - "name" : "32244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32244" - }, - { - "name" : "4426", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4426" - }, - { - "name" : "aop-linkid-sql-injection(45801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in Ayco 
Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31704" + }, + { + "name": "4426", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4426" + }, + { + "name": "aop-linkid-sql-injection(45801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45801" + }, + { + "name": "32244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32244" + }, + { + "name": "6720", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6720" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2242.json b/2013/2xxx/CVE-2013-2242.json index e7f53d8c459..4fb8c71625e 100644 --- a/2013/2xxx/CVE-2013-2242.json +++ b/2013/2xxx/CVE-2013-2242.json 
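Review bot: The new side of this file ends without a trailing newline: the `\ No newline at end of file` marker follows the final `+}`, whereas the old side ended with one. The CVE-2008-4147 hunk above and every complete hunk below carry the same marker. Line-oriented tooling that concatenates or greps these records behaves more predictably when each file ends in a newline, so the writer should emit the closing `}` followed by a line feed. Apart from that, this hunk only changes the spacing before `:`, the indentation and the order of the `reference_data` entries; no value differs.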
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39628", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39628" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=232498", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=232498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod/chat/gui_sockets/index.php in Moodle through 
2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39628", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39628" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=232498", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=232498" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2287.json b/2013/2xxx/CVE-2013-2287.json index 240b26ff5da..8e7e9bc6282 100644 --- a/2013/2xxx/CVE-2013-2287.json +++ b/2013/2xxx/CVE-2013-2287.json 
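Review bot: The only value that changes in this hunk is `"ASSIGNER": "secalert@redhat.com"` (previously `cve@mitre.org`), and it is buried in a 67-line whole-file rewrite that otherwise alters only spacing and indentation. The same pattern appears in the hunks for CVE-2013-2318, CVE-2013-2326, CVE-2013-2352, CVE-2013-2735 and CVE-2013-6173, where the assigner moves to a vendor or coordinator address. Downstream consumers presumably rely on this field for CNA attribution, so the formatting normalisation would be better landed as its own commit. Assigner changes would then show up as one-line diffs that can be audited.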
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.dognaedis.com/vulns/DGS-SEC-16.html", - "refsource" : "MISC", - "url" : "https://www.dognaedis.com/vulns/DGS-SEC-16.html" - }, - { - "name" : "90840", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.dognaedis.com/vulns/DGS-SEC-16.html", + "refsource": "MISC", + "url": "https://www.dognaedis.com/vulns/DGS-SEC-16.html" + }, + { + "name": "90840", + "refsource": "OSVDB", + "url": "http://osvdb.org/90840" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2318.json b/2013/2xxx/CVE-2013-2318.json index 6ba8946e6f2..083855b0dca 100644 --- a/2013/2xxx/CVE-2013-2318.json +++ b/2013/2xxx/CVE-2013-2318.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-2318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://movatwitter.jugem.jp/?eid=442", - "refsource" : "CONFIRM", - "url" : "http://movatwitter.jugem.jp/?eid=442" - }, - { - "name" : "JVN#90289505", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN90289505/index.html" - }, - { - "name" : "JVNDB-2013-000047", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does 
not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#90289505", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN90289505/index.html" + }, + { + "name": "http://movatwitter.jugem.jp/?eid=442", + "refsource": "CONFIRM", + "url": "http://movatwitter.jugem.jp/?eid=442" + }, + { + "name": "JVNDB-2013-000047", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000047" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2326.json b/2013/2xxx/CVE-2013-2326.json index 923c28d54b7..8b03c0cdd94 100644 --- a/2013/2xxx/CVE-2013-2326.json +++ b/2013/2xxx/CVE-2013-2326.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02883", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - }, - { - "name" : "SSRT101046", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - }, - { - "name" : "SSRT101227", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute 
arbitrary code via unknown vectors, aka ZDI-CAN-1634." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101227", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + }, + { + "name": "SSRT101046", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + }, + { + "name": "HPSBMU02883", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2352.json b/2013/2xxx/CVE-2013-2352.json index 27458ad9488..e917780cf16 100644 --- a/2013/2xxx/CVE-2013-2352.json +++ b/2013/2xxx/CVE-2013-2352.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/" - }, - { - "name" : "HPSBST02896", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537" - }, - { - "name" : "SSRT101257", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101257", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537" + }, + { + "name": "http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/" + }, + { + "name": "HPSBST02896", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2735.json b/2013/2xxx/CVE-2013-2735.json index f98ea8afde7..a70ba666e78 100644 --- a/2013/2xxx/CVE-2013-2735.json +++ b/2013/2xxx/CVE-2013-2735.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-2735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0826", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0826.html" - }, - { - "name" : "SUSE-SU-2013:0809", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:16557", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16557", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16557" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-15.html" + }, + { + "name": "SUSE-SU-2013:0809", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" + }, + { + "name": "RHSA-2013:0826", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0826.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6173.json b/2013/6xxx/CVE-2013-6173.json index 254bea67c59..7fe660092f6 100644 --- a/2013/6xxx/CVE-2013-6173.json +++ b/2013/6xxx/CVE-2013-6173.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions in (1) xAdmin or (2) xDashboard." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-6173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131119 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html" - }, - { - "name" : "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html" - }, - { - "name" : 
"VU#346982", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/346982" - }, - { - "name" : "99985", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99985" - }, - { - "name" : "1029384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions in (1) xAdmin or (2) xDashboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131119 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html" + }, + { + "name": "1029384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029384" + }, + { + "name": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html" + }, + { + "name": "99985", + "refsource": "OSVDB", + "url": "http://osvdb.org/99985" + }, + { + "name": "VU#346982", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/346982" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/6xxx/CVE-2013-6611.json b/2013/6xxx/CVE-2013-6611.json index 64fca2735f8..39db43727bd 100644 --- a/2013/6xxx/CVE-2013-6611.json +++ b/2013/6xxx/CVE-2013-6611.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6611", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6611", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7276.json b/2013/7xxx/CVE-2013-7276.json index 0b13279305b..73c9a344906 100644 --- a/2013/7xxx/CVE-2013-7276.json +++ b/2013/7xxx/CVE-2013-7276.json 
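Review bot: The new side of CVE-2013-6611.json reorders the top-level keys to `data_type`, `data_format`, `data_version`, `CVE_data_meta` and puts `ID` before `ASSIGNER`, while the neighbouring hunks in this commit keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but two layouts in one synchronisation make textual diffs and any hash-based change detection noisier than needed. If a single serializer writes both kinds of record (not visible from here), emitting sorted keys for REJECT entries as well would keep the feed uniform. The values in this record are unchanged.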
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124587/WordPress-Recommend-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124587/WordPress-Recommend-Cross-Site-Scripting.html" - }, - { - "name" : "101487", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101487" - }, - { - "name" : "56209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56209" - }, - { - "name" : "wp-recommendafriend-rafform-xss(89989)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/124587/WordPress-Recommend-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124587/WordPress-Recommend-Cross-Site-Scripting.html" + }, + { + "name": "wp-recommendafriend-rafform-xss(89989)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89989" + }, + { + "name": "56209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56209" + }, + { + "name": "101487", + "refsource": "OSVDB", + "url": "http://osvdb.org/101487" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10426.json b/2017/10xxx/CVE-2017-10426.json index 139b1aca38f..8f7ad02ef38 100644 --- a/2017/10xxx/CVE-2017-10426.json +++ b/2017/10xxx/CVE-2017-10426.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise FIN Staffing Front Office", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise FIN Staffing Front Office", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101481" - }, - { - "name" : "1039598", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039598", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039598" + }, + { + "name": "101481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101481" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10988.json b/2017/10xxx/CVE-2017-10988.json index a0b9de30301..3261514363d 100644 --- a/2017/10xxx/CVE-2017-10988.json +++ b/2017/10xxx/CVE-2017-10988.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10988", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10988", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14068.json b/2017/14xxx/CVE-2017-14068.json index 97ad1f1140f..daae1c68b04 100644 --- a/2017/14xxx/CVE-2017-14068.json 
+++ b/2017/14xxx/CVE-2017-14068.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14068", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14068", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14105.json b/2017/14xxx/CVE-2017-14105.json index aff85ca8b5b..cbec7aa22d3 100644 --- a/2017/14xxx/CVE-2017-14105.json +++ b/2017/14xxx/CVE-2017-14105.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps (it will be exposed at the web interface)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/theguly/CVE-2017-14105", - "refsource" : "MISC", - "url" : "https://github.com/theguly/CVE-2017-14105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. 
An authenticated, local attacker - even restricted as a tenant - can add a jsp at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps (it will be exposed at the web interface)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/theguly/CVE-2017-14105", + "refsource": "MISC", + "url": "https://github.com/theguly/CVE-2017-14105" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14458.json b/2017/14xxx/CVE-2017-14458.json index 3e157de53ad..17caf4f4e61 100644 --- a/2017/14xxx/CVE-2017-14458.json +++ b/2017/14xxx/CVE-2017-14458.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-19T00:00:00", - "ID" : "CVE-2017-14458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit", - "version" : { - "version_data" : [ - { - "version_value" : "Foxit Software Foxit PDF Reader 8.3.2.25013." - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-19T00:00:00", + "ID": "CVE-2017-14458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 8.3.2.25013." 
+ } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0506", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0506" - }, - { - "name" : "103942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103942" - }, - { - "name" : "1040733", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0506", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0506" + }, + { + "name": "1040733", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040733" + }, + { + "name": "103942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103942" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14535.json b/2017/14xxx/CVE-2017-14535.json index c887b634cb6..f4de75f63f0 100644 --- a/2017/14xxx/CVE-2017-14535.json +++ b/2017/14xxx/CVE-2017-14535.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/", - "refsource" : "MISC", - "url" : "https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/" - }, - { - "name" : "https://twitter.com/tiger_tigerboy/status/962689803270500352", - "refsource" : "MISC", - "url" : "https://twitter.com/tiger_tigerboy/status/962689803270500352" - }, - { - "name" : "https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t", - "refsource" : "MISC", - "url" : "https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t" - }, - { - "name" : "103004", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/103004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/tiger_tigerboy/status/962689803270500352", + "refsource": "MISC", + "url": "https://twitter.com/tiger_tigerboy/status/962689803270500352" + }, + { + "name": "103004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103004" + }, + { + "name": "https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t", + "refsource": "MISC", + "url": "https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t" + }, + { + "name": "https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/", + "refsource": "MISC", + "url": "https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14709.json b/2017/14xxx/CVE-2017-14709.json index 2256e10fc9f..c4f80aee23c 100644 --- a/2017/14xxx/CVE-2017-14709.json +++ b/2017/14xxx/CVE-2017-14709.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The komoot GmbH \"Komoot - Cycling & Hiking Maps\" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", - "refsource" : "MISC", - "url" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The komoot GmbH \"Komoot - Cycling & Hiking Maps\" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information 
via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", + "refsource": "MISC", + "url": "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14849.json b/2017/14xxx/CVE-2017-14849.json index becc3ce5e17..2c1094b8a0a 100644 --- a/2017/14xxx/CVE-2017-14849.json +++ b/2017/14xxx/CVE-2017-14849.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/", - "refsource" : "CONFIRM", - "url" : "https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/" - }, - { - "name" : "https://twitter.com/nodejs/status/913131152868876288", - "refsource" : "CONFIRM", - "url" : "https://twitter.com/nodejs/status/913131152868876288" - }, - { - "name" : "101056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a 
change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/" + }, + { + "name": "101056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101056" + }, + { + "name": "https://twitter.com/nodejs/status/913131152868876288", + "refsource": "CONFIRM", + "url": "https://twitter.com/nodejs/status/913131152868876288" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15276.json b/2017/15xxx/CVE-2017-15276.json index 27afb20c60c..4e9251c8d8d 100644 --- a/2017/15xxx/CVE-2017-15276.json +++ b/2017/15xxx/CVE-2017-15276.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43002", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43002/" - }, - { - "name" : "http://seclists.org/bugtraq/2017/Oct/19", - "refsource" : "MISC", - "url" : "http://seclists.org/bugtraq/2017/Oct/19" - }, - { - "name" : "101639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101639" + }, + { + "name": "43002", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43002/" + }, + { + "name": "http://seclists.org/bugtraq/2017/Oct/19", + "refsource": "MISC", + "url": "http://seclists.org/bugtraq/2017/Oct/19" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15533.json b/2017/15xxx/CVE-2017-15533.json index c8460a6297d..8fab93741ea 100644 --- a/2017/15xxx/CVE-2017-15533.json +++ b/2017/15xxx/CVE-2017-15533.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2018-05-16T00:00:00", - "ID" : "CVE-2017-15533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SSL Visibility (SSLV)", - "version" : { - "version_data" : [ - { - "version_value" : "3.8.4FC" - }, - { - "version_value" : "3.10 prior to 3.10.4.1" - }, - { - "version_value" : "3.11" - }, - { - "version_value" : "3.12 prior to 3.12.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2018-05-16T00:00:00", + "ID": "CVE-2017-15533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SSL Visibility (SSLV)", + "version": { + "version_data": [ + { + "version_value": "3.8.4FC" + }, + { + "version_value": "3.10 prior to 3.10.4.1" + }, + { + "version_value": "3.11" + }, + { + "version_value": "3.12 prior to 3.12.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA160", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA160" - }, - { - "name" : "104163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA160", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA160" + }, + { + "name": "104163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104163" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15559.json b/2017/15xxx/CVE-2017-15559.json index 34837a5ebdf..ef2ae52efd2 100644 --- a/2017/15xxx/CVE-2017-15559.json +++ b/2017/15xxx/CVE-2017-15559.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15559", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15559", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15701.json b/2017/15xxx/CVE-2017-15701.json index 0f109b78aa3..48c02bacd4c 100644 --- a/2017/15xxx/CVE-2017-15701.json +++ b/2017/15xxx/CVE-2017-15701.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-11-30T00:00:00", - "ID" : "CVE-2017-15701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Qpid Broker-J", - "version" : { - "version_data" : [ - { - "version_value" : "6.1.0, 6.1.1, 6.1.2, 6.1.3, and 6.1.4" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Apache Qpid Broker-J Denial of Service Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-11-30T00:00:00", + "ID": "CVE-2017-15701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Qpid Broker-J", + "version": { + "version_data": [ + { + "version_value": "6.1.0, 6.1.1, 6.1.2, 6.1.3, and 6.1.4" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20171130 [SECURITY] [CVE-2017-15701] Apache Qpid Broker-J Denial of Service Vulnerability", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe@%3Cdev.qpid.apache.org%3E" - }, - { - "name" : 
"https://issues.apache.org/jira/browse/QPID-7947", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/QPID-7947" - }, - { - "name" : "https://qpid.apache.org/cves/CVE-2017-15701.html", - "refsource" : "CONFIRM", - "url" : "https://qpid.apache.org/cves/CVE-2017-15701.html" - }, - { - "name" : "102041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Apache Qpid Broker-J Denial of Service Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/QPID-7947", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/QPID-7947" + }, + { + "name": "[dev] 20171130 [SECURITY] [CVE-2017-15701] Apache Qpid Broker-J Denial of Service Vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe@%3Cdev.qpid.apache.org%3E" + }, + { + "name": "https://qpid.apache.org/cves/CVE-2017-15701.html", + "refsource": "CONFIRM", + "url": "https://qpid.apache.org/cves/CVE-2017-15701.html" + }, + { + "name": "102041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102041" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17582.json b/2017/17xxx/CVE-2017-17582.json index af1df970c79..1d3daafbd9a 100644 --- a/2017/17xxx/CVE-2017-17582.json 
+++ b/2017/17xxx/CVE-2017-17582.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43252", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43252/" - }, - { - "name" : "https://packetstormsecurity.com/files/145314/FS-Grubhub-Clone-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145314/FS-Grubhub-Clone-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145314/FS-Grubhub-Clone-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145314/FS-Grubhub-Clone-1.0-SQL-Injection.html" + }, + { + "name": "43252", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43252/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9036.json b/2017/9xxx/CVE-2017-9036.json index 44ae66f92ef..70c456d6633 100644 --- a/2017/9xxx/CVE-2017-9036.json +++ b/2017/9xxx/CVE-2017-9036.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/May/91" - }, - { - "name" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities" - }, - { - "name" : "https://success.trendmicro.com/solution/1117411", - "refsource" : "CONFIRM", - "url" : 
"https://success.trendmicro.com/solution/1117411" - }, - { - "name" : "1038548", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038548", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038548" + }, + { + "name": "https://success.trendmicro.com/solution/1117411", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1117411" + }, + { + "name": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities" + }, + { + "name": "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/May/91" + }, + { + "name": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9929.json b/2017/9xxx/CVE-2017-9929.json index cf607e5e066..813c334780c 100644 --- a/2017/9xxx/CVE-2017-9929.json +++ b/2017/9xxx/CVE-2017-9929.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://somevulnsofadlab.blogspot.com/2017/06/lrzipstack-buffer-overflow-in_24.html", - "refsource" : "MISC", - "url" : "http://somevulnsofadlab.blogspot.com/2017/06/lrzipstack-buffer-overflow-in_24.html" - }, - { - "name" : "https://github.com/ckolivas/lrzip/issues/75", - "refsource" : "MISC", - "url" : "https://github.com/ckolivas/lrzip/issues/75" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://somevulnsofadlab.blogspot.com/2017/06/lrzipstack-buffer-overflow-in_24.html", + "refsource": "MISC", + "url": "http://somevulnsofadlab.blogspot.com/2017/06/lrzipstack-buffer-overflow-in_24.html" + }, + { + "name": "https://github.com/ckolivas/lrzip/issues/75", + "refsource": "MISC", + "url": "https://github.com/ckolivas/lrzip/issues/75" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0042.json b/2018/0xxx/CVE-2018-0042.json index a795444124c..b4b0ae0e37a 100644 --- a/2018/0xxx/CVE-2018-0042.json +++ b/2018/0xxx/CVE-2018-0042.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2018-0042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2018-0042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10872", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10872", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10872" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/0xxx/CVE-2018-0219.json b/2018/0xxx/CVE-2018-0219.json index 0a37008f717..1bc916c7955 100644 --- a/2018/0xxx/CVE-2018-0219.json +++ b/2018/0xxx/CVE-2018-0219.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco UCS Director", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco UCS Director" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg86518." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco UCS Director", + "version": { + "version_data": [ + { + "version_value": "Cisco UCS Director" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ucs", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ucs" - }, - { - "name" : "103326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103326" - }, - { - "name" : "1040467", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg86518." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103326" + }, + { + "name": "1040467", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040467" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ucs", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ucs" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0353.json b/2018/0xxx/CVE-2018-0353.json index 3fff5230f15..0a6f5712456 100644 --- a/2018/0xxx/CVE-2018-0353.json +++ b/2018/0xxx/CVE-2018-0353.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Web Security Appliance unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Web Security Appliance unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-254" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Web Security Appliance unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Web Security Appliance unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa" - }, - { - "name" : "104417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104417" - }, - { - "name" : "1041081", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. 
This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-254" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104417" + }, + { + "name": "1041081", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041081" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0710.json b/2018/0xxx/CVE-2018-0710.json index fa386d41939..1760ae49620 100644 --- a/2018/0xxx/CVE-2018-0710.json +++ b/2018/0xxx/CVE-2018-0710.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@qnapsecurity.com.tw", - "DATE_PUBLIC" : "2018-07-10T00:00:00", - "ID" : "CVE-2018-0710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Q'center Virtual Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "1.7.1063 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "QNAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@qnap.com", + "DATE_PUBLIC": "2018-07-10T00:00:00", + "ID": "CVE-2018-0710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Q'center Virtual Appliance", + "version": { + "version_data": [ + { + "version_value": "1.7.1063 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "QNAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "https://www.securityfocus.com/archive/1/542141/100/0/threaded" - }, - { - "name" : "45015", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45015/" - }, - { - "name" : "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/45" - }, - { - "name" : 
"http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities" - }, - { - "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45015", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45015/" + }, + { + "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities" + }, + { + "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/45" + }, + { + "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html" + }, + { + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10" + }, + { + "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0733.json b/2018/0xxx/CVE-2018-0733.json index a6be618e2b8..5e75efd1bde 100644 --- a/2018/0xxx/CVE-2018-0733.json +++ b/2018/0xxx/CVE-2018-0733.json 
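Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `security@qnapsecurity.com.tw` to `security@qnap.com` on the new side, a content change that the commit message does not mention and that is easy to miss among the spacing and reference-order rewrites. Consumers that group or filter records by assigner address would presumably see this record under a different identity after the sync. The change deserves its own line in the commit description, for example `ASSIGNER updated for CVE-2018-0710`. The CVE-2018-1000008 hunk later in this patch changes `ASSIGNER` in the same unannounced way.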
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "openssl-security@openssl.org", - "DATE_PUBLIC" : "2018-03-27", - "ID" : "CVE-2018-0733", - "STATE" : "PUBLIC", - "TITLE" : "Incorrect CRYPTO_memcmp on HP-UX PA-RISC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenSSL", - "version" : { - "version_data" : [ - { - "version_value" : "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)" - } - ] - } - } - ] - }, - "vendor_name" : "OpenSSL" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Peter Waltenberg (IBM)" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)." 
- } - ] - }, - "impact" : [ - { - "lang" : "eng", - "url" : "https://www.openssl.org/policies/secpolicy.html#Moderate", - "value" : "Moderate" - } - ], - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Message forgery" - } + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2018-03-27", + "ID": "CVE-2018-0733", + "STATE": "PUBLIC", + "TITLE": "Incorrect CRYPTO_memcmp on HP-UX PA-RISC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenSSL", + "version": { + "version_data": [ + { + "version_value": "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)" + } + ] + } + } + ] + }, + "vendor_name": "OpenSSL" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f" - }, - { - "name" : "https://www.openssl.org/news/secadv/20180327.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20180327.txt" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180330-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180330-0002/" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-04", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-04" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-06", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-06" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-07", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-07" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", 
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "GLSA-201811-21", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-21" - }, - { - "name" : "103517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103517" - }, - { - "name" : "1040576", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040576" - } - ] - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Peter Waltenberg (IBM)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)." 
+ } + ] + }, + "impact": [ + { + "lang": "eng", + "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", + "value": "Moderate" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Message forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2018-07", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-07" + }, + { + "name": "https://www.tenable.com/security/tns-2018-04", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-04" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "GLSA-201811-21", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-21" + }, + { + "name": "103517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103517" + }, + { + "name": "https://www.tenable.com/security/tns-2018-06", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-06" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180330-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180330-0002/" + }, + { + "name": "1040576", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040576" + }, + { + "name": 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f" + }, + { + "name": "https://www.openssl.org/news/secadv/20180327.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20180327.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000008.json b/2018/1000xxx/CVE-2018-1000008.json index 281d0e5d4a7..62a9d744ff6 100644 --- a/2018/1000xxx/CVE-2018-1000008.json +++ b/2018/1000xxx/CVE-2018-1000008.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-01-22", - "ID" : "CVE-2018-1000008", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins PMD Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "3.49 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins PMD Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity Processing" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-01-22", + "ID": "CVE-2018-1000008", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-01-22/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-01-22/" - }, - { - "name" : "102844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-01-22/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-01-22/" + }, + { + "name": "102844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102844" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000165.json b/2018/1000xxx/CVE-2018-1000165.json index fed1ae71060..d4041029a78 100644 --- a/2018/1000xxx/CVE-2018-1000165.json +++ b/2018/1000xxx/CVE-2018-1000165.json 
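Review bot: The new side of the CVE-2018-1000008 record replaces populated fields with placeholders. `product_name` ("Jenkins PMD Plugin"), `vendor_name`, `version_value` ("3.49 and earlier") and the `problemtype` value ("XML External Entity Processing") all become `"n/a"`, and `ASSIGNER` changes to `cve@mitre.org`. The description still names the product and the affected version range, so the structured `affects` block now disagrees with it, and any consumer that matches on `affects` or `problemtype` can no longer find this record. The hunks for CVE-2018-1000165, CVE-2018-1000556 and CVE-2018-1000801 make the same substitution. If the sync is not meant to discard this data, keep the original values, e.g. `"product_name": "Jenkins PMD Plugin"`, `"version_value": "3.49 and earlier"` and `"value": "XML External Entity Processing"`.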
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-04-06T14:09:26.587150", - "DATE_REQUESTED" : "2018-04-04T02:32:08", - "ID" : "CVE-2018-1000165", - "REQUESTER" : "tmilos@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LightSAML", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 1.3.5" - } - ] - } - } - ] - }, - "vendor_name" : "lightsaml" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-04-06T14:09:26.587150", + "DATE_REQUESTED": "2018-04-04T02:32:08", + "ID": "CVE-2018-1000165", + "REQUESTER": "tmilos@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/lightSAML/lightSAML/commit/47cef07bb09779df15620799f3763d1b8d32307a", - "refsource" : "MISC", - "url" : "https://github.com/lightSAML/lightSAML/commit/47cef07bb09779df15620799f3763d1b8d32307a" - }, - { - "name" : "https://github.com/lightSAML/lightSAML/releases/tag/1.3.5", - "refsource" : "MISC", - "url" : 
"https://github.com/lightSAML/lightSAML/releases/tag/1.3.5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lightSAML/lightSAML/commit/47cef07bb09779df15620799f3763d1b8d32307a", + "refsource": "MISC", + "url": "https://github.com/lightSAML/lightSAML/commit/47cef07bb09779df15620799f3763d1b8d32307a" + }, + { + "name": "https://github.com/lightSAML/lightSAML/releases/tag/1.3.5", + "refsource": "MISC", + "url": "https://github.com/lightSAML/lightSAML/releases/tag/1.3.5" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000556.json b/2018/1000xxx/CVE-2018-1000556.json index 8c2b0ea66ba..4913450a5f4 100644 --- a/2018/1000xxx/CVE-2018-1000556.json +++ b/2018/1000xxx/CVE-2018-1000556.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.083759", - "DATE_REQUESTED" : "2018-03-05T05:51:12", - "ID" : "CVE-2018-1000556", - "REQUESTER" : "3ntr0py1337@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WordPress", - "version" : { - "version_data" : [ - { - "version_value" : "4.8 +" - } - ] - } - } - ] - }, - "vendor_name" : "WordPress" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. ." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.083759", + "DATE_REQUESTED": "2018-03-05T05:51:12", + "ID": "CVE-2018-1000556", + "REQUESTER": "3ntr0py1337@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.pluginvulnerabilities.com/2017/04/28/reflected-cross-site-scripting-xss-vulnerability-in-wp-statistics/", - "refsource" : "MISC", - "url" : "https://www.pluginvulnerabilities.com/2017/04/28/reflected-cross-site-scripting-xss-vulnerability-in-wp-statistics/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. ." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.pluginvulnerabilities.com/2017/04/28/reflected-cross-site-scripting-xss-vulnerability-in-wp-statistics/", + "refsource": "MISC", + "url": "https://www.pluginvulnerabilities.com/2017/04/28/reflected-cross-site-scripting-xss-vulnerability-in-wp-statistics/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000801.json b/2018/1000xxx/CVE-2018-1000801.json index 8265a5ba533..a3f997c73cf 100644 --- a/2018/1000xxx/CVE-2018-1000801.json +++ b/2018/1000xxx/CVE-2018-1000801.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-09-03T16:07:16.983221", - "DATE_REQUESTED" : "2018-09-01T10:41:39", - "ID" : "CVE-2018-1000801", - "REQUESTER" : "joran.herve@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "okular", - "version" : { - "version_data" : [ - { - "version_value" : "18.08 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "okular" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "okular version 18.08 and earlier contains a Directory Traversal vulnerability in function \"unpackDocumentArchive(...)\" in \"core/document.cpp\" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. 
This issue appears to have been corrected in version 18.08.1" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-09-03T16:07:16.983221", + "DATE_REQUESTED": "2018-09-01T10:41:39", + "ID": "CVE-2018-1000801", + "REQUESTER": "joran.herve@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180923 [SECURITY] [DLA 1516-1] okular security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00027.html" - }, - { - "name" : "https://bugs.kde.org/show_bug.cgi?id=398096", - "refsource" : "CONFIRM", - "url" : "https://bugs.kde.org/show_bug.cgi?id=398096" - }, - { - "name" : "https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47", - "refsource" : "CONFIRM", - "url" : "https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47" - }, - { - "name" : "DSA-4303", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4303" - }, - { - "name" : "GLSA-201811-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-08" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "okular version 18.08 and earlier contains a Directory Traversal vulnerability in function \"unpackDocumentArchive(...)\" in \"core/document.cpp\" that can result in Arbitrary file creation on the user workstation. 
This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180923 [SECURITY] [DLA 1516-1] okular security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00027.html" + }, + { + "name": "https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47", + "refsource": "CONFIRM", + "url": "https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47" + }, + { + "name": "GLSA-201811-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-08" + }, + { + "name": "https://bugs.kde.org/show_bug.cgi?id=398096", + "refsource": "CONFIRM", + "url": "https://bugs.kde.org/show_bug.cgi?id=398096" + }, + { + "name": "DSA-4303", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4303" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16447.json b/2018/16xxx/CVE-2018-16447.json index 0c44ae22fb9..492e37c2556 100644 --- a/2018/16xxx/CVE-2018-16447.json +++ b/2018/16xxx/CVE-2018-16447.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/philippe/FrogCMS/issues/12", - "refsource" : "MISC", - "url" : "https://github.com/philippe/FrogCMS/issues/12" - }, - { - "name" : "https://github.com/security-breachlock/CVE-2018-16447/blob/master/frog_CSRF.pdf", - "refsource" : "MISC", - "url" : "https://github.com/security-breachlock/CVE-2018-16447/blob/master/frog_CSRF.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/philippe/FrogCMS/issues/12", + "refsource": "MISC", + "url": "https://github.com/philippe/FrogCMS/issues/12" + }, + { + "name": "https://github.com/security-breachlock/CVE-2018-16447/blob/master/frog_CSRF.pdf", + "refsource": "MISC", + "url": "https://github.com/security-breachlock/CVE-2018-16447/blob/master/frog_CSRF.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19266.json b/2018/19xxx/CVE-2018-19266.json index acd99779f9b..32053e2140c 100644 --- a/2018/19xxx/CVE-2018-19266.json +++ b/2018/19xxx/CVE-2018-19266.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19266", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19266", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19571.json b/2018/19xxx/CVE-2018-19571.json index e0505bbde2f..b770526f9dd 100644 --- a/2018/19xxx/CVE-2018-19571.json +++ b/2018/19xxx/CVE-2018-19571.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19571",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19571",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19897.json b/2018/19xxx/CVE-2018-19897.json
index 095aaed898a..c704ae2ad8f 100644
--- a/2018/19xxx/CVE-2018-19897.json
+++ b/2018/19xxx/CVE-2018-19897.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/thinkcmf/cmfx/issues/26", - "refsource" : "MISC", - "url" : "https://github.com/thinkcmf/cmfx/issues/26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/thinkcmf/cmfx/issues/26", + "refsource": "MISC", + "url": "https://github.com/thinkcmf/cmfx/issues/26" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4099.json b/2018/4xxx/CVE-2018-4099.json index fc1b528aa53..4c609244f1c 100644 --- a/2018/4xxx/CVE-2018-4099.json +++ b/2018/4xxx/CVE-2018-4099.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4099", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4099", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4213.json b/2018/4xxx/CVE-2018-4213.json index 8b9e85bd5b4..c462c49f28b 100644 --- a/2018/4xxx/CVE-2018-4213.json +++ b/2018/4xxx/CVE-2018-4213.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208693,https://support.apple.com/HT208698,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208693,https://support.apple.com/HT208698," - }, - { - "name" : "https://support.apple.com/HT208695,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208695," - }, - { - "name" : "https://support.apple.com/HT208696,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208696," - }, - { - "name" : "https://support.apple.com/HT208697,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208697," - }, - { - "name" : "https://support.apple.com/HT208694", - "refsource" : "CONFIRM", - 
"url" : "https://support.apple.com/HT208694" - }, - { - "name" : "GLSA-201812-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201812-04" - }, - { - "name" : "USN-3781-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3781-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208695,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208695," + }, + { + "name": "https://support.apple.com/HT208697,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208697," + }, + { + "name": "https://support.apple.com/HT208693,https://support.apple.com/HT208698,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208693,https://support.apple.com/HT208698," + }, + { + "name": "https://support.apple.com/HT208696,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208696," + }, + { + "name": "USN-3781-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3781-1/" + }, + { + "name": "GLSA-201812-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201812-04" + }, + { + "name": "https://support.apple.com/HT208694", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208694" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4339.json b/2018/4xxx/CVE-2018-4339.json index 4e63e3ef7d6..48c003c690a 100644 --- a/2018/4xxx/CVE-2018-4339.json 
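Review bot: Four `reference_data` entries on the new side of CVE-2018-4213 still carry malformed URLs. `https://support.apple.com/HT208693,https://support.apple.com/HT208698,` joins two advisory links into one string, and the HT208695, HT208696 and HT208697 entries each end in a stray comma, in both `name` and `url`. The hunk only reorders and reformats the references, so these values pass through unchanged, and tooling that fetches or de-duplicates reference URLs is likely to mishandle them. Split the joined entry into two objects with `"url": "https://support.apple.com/HT208693"` and `"url": "https://support.apple.com/HT208698"`, and drop the trailing comma from the other three.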
+++ b/2018/4xxx/CVE-2018-4339.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4339",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4339",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4757.json b/2018/4xxx/CVE-2018-4757.json
index b62ebef2f7e..bdad9fc39e7 100644
--- a/2018/4xxx/CVE-2018-4757.json
+++ b/2018/4xxx/CVE-2018-4757.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4757",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4757",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file