diff --git a/2008/0xxx/CVE-2008-0192.json b/2008/0xxx/CVE-2008-0192.json index a6b06e18cba..e22bed195a6 100644 --- a/2008/0xxx/CVE-2008-0192.json +++ b/2008/0xxx/CVE-2008-0192.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485786/100/0/threaded" - }, - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" - }, - { - "name" : "http://securityvulns.ru/Sdocument714.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/Sdocument714.html" - }, - { - "name" : "http://websecurity.com.ua/1658/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/1658/" - }, - { - "name" : "27123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27123" - }, - { - "name" : "3539", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3539" - }, - { - "name" : "wordpress-popuptitle-xss(39426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityvulns.ru/Sdocument714.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/Sdocument714.html" + }, + { + "name": "http://websecurity.com.ua/1658/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/1658/" + }, + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" + }, + { + "name": "27123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27123" + }, + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" + }, + { + "name": "3539", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3539" + }, + { + "name": "wordpress-popuptitle-xss(39426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39426" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0275.json b/2008/0xxx/CVE-2008-0275.json index 5e6fea2db52..91fef5bbdc4 100644 --- a/2008/0xxx/CVE-2008-0275.json +++ b/2008/0xxx/CVE-2008-0275.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/208527", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/208527" - }, - { - "name" : "drupal-atom-security-bypass(39607)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/208527", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/208527" + }, + { + "name": "drupal-atom-security-bypass(39607)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39607" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0395.json b/2008/0xxx/CVE-2008-0395.json index 1dfe8296038..ff35334a736 100644 --- a/2008/0xxx/CVE-2008-0395.json +++ b/2008/0xxx/CVE-2008-0395.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080121 [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486762/100/0/threaded" - }, - { - "name" : "http://www.waraxe.us/advisory-63.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-63.html" - }, - { - "name" : "28613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28613" - }, - { - "name" : "3573", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28613" + }, + { + "name": "http://www.waraxe.us/advisory-63.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-63.html" + }, + { + "name": "3573", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3573" + }, + { + "name": "20080121 [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486762/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0781.json b/2008/0xxx/CVE-2008-0781.json index 6cb570a807a..00ae1fb1d6d 100644 --- a/2008/0xxx/CVE-2008-0781.json +++ b/2008/0xxx/CVE-2008-0781.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=432748", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=432748" - }, - { - "name" : "DSA-1514", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1514" - }, - { - "name" : "FEDORA-2008-1880", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html" - }, - { - "name" : "FEDORA-2008-1905", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html" - }, - { - "name" : "GLSA-200803-27", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml" - }, - { - "name" : "USN-716-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/716-1/" - }, - { - "name" : "27904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27904" - }, - { - "name" : "ADV-2008-0569", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0569/references" - }, - { - "name" : "29010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29010" - }, - { - "name" : "28987", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28987" - }, - { - "name" : "29262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29262" - }, - { - "name" : "29444", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29444" - }, - { - "name" : "33755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33755" + }, + { + "name": "GLSA-200803-27", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml" + }, + { + "name": "29262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29262" + }, + { + "name": "29010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29010" + }, + { + "name": "FEDORA-2008-1880", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html" + }, + { + "name": "28987", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28987" + }, + { + "name": "ADV-2008-0569", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0569/references" + }, + { + "name": "27904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27904" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=432748", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748" + }, + { + "name": "29444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29444" + }, + { + "name": "FEDORA-2008-1905", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html" + }, + { + "name": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef" + }, + { + "name": "USN-716-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/716-1/" + }, + { + "name": "DSA-1514", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1514" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1152.json b/2008/1xxx/CVE-2008-1152.json index 7ef13608ebb..3ab93f7a8eb 100644 --- a/2008/1xxx/CVE-2008-1152.json +++ b/2008/1xxx/CVE-2008-1152.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-1152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080326 Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080969866.shtml" - }, - { - "name" : "TA08-087B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-087B.html" - }, - { - "name" : "28465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28465" - }, - { - "name" : "oval:org.mitre.oval:def:5821", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5821" - }, - { - "name" : "ADV-2008-1006", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1006/references" - }, - { - "name" : "1019712", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019712" - }, - { - "name" : "29507", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29507" - }, - { - "name" : "cisco-ios-dlsw-dos(41482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1006", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1006/references" + }, + { + "name": "TA08-087B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html" + }, + { + "name": "1019712", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019712" + }, + { + "name": "28465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28465" + }, + { + "name": "20080326 Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080969866.shtml" + }, + { + "name": "29507", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29507" + }, + { + "name": "oval:org.mitre.oval:def:5821", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5821" + }, + { + "name": "cisco-ios-dlsw-dos(41482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41482" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1431.json b/2008/1xxx/CVE-2008-1431.json index 78219100f9f..7e5cda6c082 100644 --- a/2008/1xxx/CVE-2008-1431.json +++ b/2008/1xxx/CVE-2008-1431.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080316 raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489690/100/0/threaded" - }, - { - "name" : "28264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28264" - }, - { - "name" : "29401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29401" - }, - { - "name" : "3760", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29401" + }, + { + "name": "3760", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3760" + }, + { + "name": "20080316 raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489690/100/0/threaded" + }, + { + "name": "28264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28264" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3160.json b/2008/3xxx/CVE-2008-3160.json index 384264ce760..4557c17f9f6 100644 --- a/2008/3xxx/CVE-2008-3160.json +++ b/2008/3xxx/CVE-2008-3160.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1.3, as used by IBM System Storage N series Filer and IBM System Storage N series Gateway, have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=1147&uid=ssg1S7002385", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=1147&uid=ssg1S7002385" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=1147&uid=ssg1S7002386", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=1147&uid=ssg1S7002386" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002372", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002372" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002373", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002373" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002385&aid=1", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002385&aid=1" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002386&aid=1", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002386&aid=1" - }, - { - "name" : "30160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30160" - }, - { - "name" : "ADV-2008-2054", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2054" - }, - { - "name" : "1020463", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020463" - }, - { - "name" : "30931", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30931" - }, - { - "name" : "ibm-dataontap-filer-unspecified(43700)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43700" - }, - { - "name" : "ibm-dataontap-gateway-unspecified(43699)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1.3, as used by IBM System Storage N series Filer and IBM System Storage N series Gateway, have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-dataontap-filer-unspecified(43700)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43700" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002373", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002373" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=1147&uid=ssg1S7002385", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=1147&uid=ssg1S7002385" + }, + { + "name": "ibm-dataontap-gateway-unspecified(43699)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43699" + }, + { + "name": "30931", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30931" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=1147&uid=ssg1S7002386", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=1147&uid=ssg1S7002386" + }, + { + "name": "30160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30160" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002385&aid=1", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002385&aid=1" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002386&aid=1", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002386&aid=1" + }, + { + "name": "1020463", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020463" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002372", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002372" + }, + { + "name": "ADV-2008-2054", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2054" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4571.json b/2008/4xxx/CVE-2008-4571.json index 8d329c22644..e26bb77f9dd 100644 --- a/2008/4xxx/CVE-2008-4571.json +++ b/2008/4xxx/CVE-2008-4571.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.plone.org/plone/ticket/7439", - "refsource" : "CONFIRM", - "url" : "http://dev.plone.org/plone/ticket/7439" - }, - { - "name" : "http://plone.org/products/plone/releases/3.0.4", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone/releases/3.0.4" - }, - { - "name" : "27098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27098" - }, - { - "name" : "40660", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40660" - }, - { - "name" : "28293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27098" + }, + { + "name": "28293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28293" + }, + { + "name": "http://plone.org/products/plone/releases/3.0.4", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone/releases/3.0.4" + }, + { + "name": "http://dev.plone.org/plone/ticket/7439", + "refsource": "CONFIRM", + "url": "http://dev.plone.org/plone/ticket/7439" + }, + { + "name": "40660", + "refsource": "OSVDB", + "url": "http://osvdb.org/40660" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4625.json b/2008/4xxx/CVE-2008-4625.json index e015d9a51dc..4d6633ab53f 100644 --- a/2008/4xxx/CVE-2008-4625.json +++ b/2008/4xxx/CVE-2008-4625.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6777", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6777" - }, - { - "name" : "31806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31806" - }, - { - "name" : "32336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32336" - }, - { - "name" : "4446", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4446" - }, - { - "name" : "shiftthis-stnliframe-sql-injection(45981)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4446", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4446" + }, + { + "name": "32336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32336" + }, + { + "name": "31806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31806" + }, + { + "name": "6777", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6777" + }, + { + "name": "shiftthis-stnliframe-sql-injection(45981)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45981" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4646.json b/2008/4xxx/CVE-2008-4646.json index 390a373aa5a..c377ac4bd20 100644 --- a/2008/4xxx/CVE-2008-4646.json +++ b/2008/4xxx/CVE-2008-4646.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt", - "refsource" : "MISC", - "url" : "http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt" - }, - { - "name" : "31746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31746" - }, - { - "name" : "ADV-2008-2819", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2819" - }, - { - "name" : "1021058", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021058" - }, - { - "name" : "32264", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt", + "refsource": "MISC", + "url": "http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt" + }, + { + "name": "32264", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32264" + }, + { + "name": "1021058", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021058" + }, + { + "name": "ADV-2008-2819", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2819" + }, + { + "name": "31746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31746" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4772.json b/2008/4xxx/CVE-2008-4772.json index 7d4728a8b64..fc11dc97db5 100644 --- a/2008/4xxx/CVE-2008-4772.json +++ b/2008/4xxx/CVE-2008-4772.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6853", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6853" - }, - { - "name" : "31945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31945" - }, - { - "name" : "4523", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4523" - }, - { - "name" : "questcms-main-sql-injection(46150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6853", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6853" + }, + { + "name": "4523", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4523" + }, + { + "name": "31945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31945" + }, + { + "name": "questcms-main-sql-injection(46150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46150" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2317.json b/2013/2xxx/CVE-2013-2317.json index c74b94f073b..9e4684d2172 100644 --- a/2013/2xxx/CVE-2013-2317.json +++ b/2013/2xxx/CVE-2013-2317.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-2317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#22756333", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN22756333/index.html" - }, - { - "name" : "JVNDB-2013-000046", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2013-000046", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000046" + }, + { + "name": "JVN#22756333", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN22756333/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2619.json b/2013/2xxx/CVE-2013-2619.json index 667f842b12d..bbfbef626c5 100644 --- a/2013/2xxx/CVE-2013-2619.json +++ b/2013/2xxx/CVE-2013-2619.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24915", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24915" - }, - { - "name" : "20130401 Aspen 0.8 - Directory Traversal", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Apr/2" - }, - { - "name" : "http://packetstormsecurity.com/files/121035/Aspen-0.8-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121035/Aspen-0.8-Directory-Traversal.html" - }, - { - "name" : "58794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58794" - }, - { - "name" : "aspen-cve20132619-directory-traversal(83185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspen-cve20132619-directory-traversal(83185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83185" + }, + { + "name": "24915", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24915" + }, + { + "name": "20130401 Aspen 0.8 - Directory Traversal", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Apr/2" + }, + { + "name": "http://packetstormsecurity.com/files/121035/Aspen-0.8-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121035/Aspen-0.8-Directory-Traversal.html" + }, + { + "name": "58794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58794" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2652.json b/2013/2xxx/CVE-2013-2652.json index a7365c96ba4..65111e486a8 100644 --- a/2013/2xxx/CVE-2013-2652.json +++ b/2013/2xxx/CVE-2013-2652.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in help/help_language.php in WebCollab 3.30 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the item parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131024 [ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-10/0117.html" - }, - { - "name" : "[Webcollab-announce] 20131018 Webcollab 3.31 Released", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/p/webcollab/mailman/message/31536457/" - }, - { - "name" : "http://packetstormsecurity.com/files/123771/WebCollab-3.30-HTTP-Response-Splitting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123771/WebCollab-3.30-HTTP-Response-Splitting.html" - }, - { - "name" : "63247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63247" - }, - { - "name" : "98768", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98768" - }, - { - "name" : "55235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55235" - }, - { - "name" : "55295", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55295" - }, - { - "name" : "webcollab-cve20132652-response-splitting(88177)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in help/help_language.php in WebCollab 3.30 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the item parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55295", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55295" + }, + { + "name": "http://packetstormsecurity.com/files/123771/WebCollab-3.30-HTTP-Response-Splitting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123771/WebCollab-3.30-HTTP-Response-Splitting.html" + }, + { + "name": "20131024 [ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0117.html" + }, + { + "name": "98768", + "refsource": "OSVDB", + "url": "http://osvdb.org/98768" + }, + { + "name": "webcollab-cve20132652-response-splitting(88177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88177" + }, + { + "name": "63247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63247" + }, + { + "name": "55235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55235" + }, + { + "name": "[Webcollab-announce] 20131018 Webcollab 3.31 Released", + "refsource": "MLIST", + "url": "http://sourceforge.net/p/webcollab/mailman/message/31536457/" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3195.json b/2013/3xxx/CVE-2013-3195.json index 598896b24e9..9d562c4dd2f 100644 --- a/2013/3xxx/CVE-2013-3195.json +++ b/2013/3xxx/CVE-2013-3195.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka \"Comctl32 Integer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx" - }, - { - "name" : "MS13-083", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-083" - }, - { - "name" : "TA13-288A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-288A" - }, - { - "name" : "oval:org.mitre.oval:def:18715", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka \"Comctl32 Integer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-083", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-083" + }, + { + "name": "oval:org.mitre.oval:def:18715", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18715" + }, + { + "name": "TA13-288A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-288A" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3756.json b/2013/3xxx/CVE-2013-3756.json index 0be8c71c596..c9254384dad 100644 --- a/2013/3xxx/CVE-2013-3756.json +++ b/2013/3xxx/CVE-2013-3756.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Landed Cost Management component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Shipment Workbench." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "61242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61242" - }, - { - "name" : "95280", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95280" - }, - { - "name" : "1028799", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028799" - }, - { - "name" : "54222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54222" - }, - { - "name" : "oracle-cpujuly2013-cve20133756(85667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Landed Cost Management component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Shipment Workbench." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95280", + "refsource": "OSVDB", + "url": "http://osvdb.org/95280" + }, + { + "name": "61242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61242" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "1028799", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028799" + }, + { + "name": "oracle-cpujuly2013-cve20133756(85667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85667" + }, + { + "name": "54222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54222" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3899.json b/2013/3xxx/CVE-2013-3899.json index 8ab154fc01f..09cec1cedf6 100644 --- a/2013/3xxx/CVE-2013-3899.json +++ b/2013/3xxx/CVE-2013-3899.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted application, aka \"Win32k Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-101", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted application, aka \"Win32k Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-101", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-101" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3993.json b/2013/3xxx/CVE-2013-3993.json index fcb545d8ac4..c29faea5eee 100644 --- a/2013/3xxx/CVE-2013-3993.json +++ b/2013/3xxx/CVE-2013-3993.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677445", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677445" - }, - { - "name" : "68449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68449" - }, - { - "name" : "59676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59676" - }, - { - "name" : "ibm-biginsights-cve20133993-sec-bypass(84982)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59676" + }, + { + "name": "68449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68449" + }, + { + "name": "ibm-biginsights-cve20133993-sec-bypass(84982)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84982" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677445", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677445" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6880.json b/2013/6xxx/CVE-2013-6880.json index 1bdbf2c54c7..1a6116c811d 100644 --- a/2013/6xxx/CVE-2013-6880.json +++ b/2013/6xxx/CVE-2013-6880.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6880", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6880", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6946.json b/2013/6xxx/CVE-2013-6946.json index 74d26727d63..0dbee065387 100644 --- a/2013/6xxx/CVE-2013-6946.json +++ b/2013/6xxx/CVE-2013-6946.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6946", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6946", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7089.json b/2013/7xxx/CVE-2013-7089.json index ece6a7e65f3..30131ab0c4e 100644 --- a/2013/7xxx/CVE-2013-7089.json +++ b/2013/7xxx/CVE-2013-7089.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7089", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7089", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10670.json b/2017/10xxx/CVE-2017-10670.json index ba8eb943dc3..8d9091391d0 100644 --- a/2017/10xxx/CVE-2017-10670.json +++ b/2017/10xxx/CVE-2017-10670.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jun/44", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jun/44" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jun/44", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jun/44" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10691.json b/2017/10xxx/CVE-2017-10691.json index f555102cf40..317e4006ea2 100644 --- a/2017/10xxx/CVE-2017-10691.json +++ b/2017/10xxx/CVE-2017-10691.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10691", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10691", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10809.json b/2017/10xxx/CVE-2017-10809.json index 9f5b2c364b4..f7f3fa5c543 100644 --- a/2017/10xxx/CVE-2017-10809.json +++ b/2017/10xxx/CVE-2017-10809.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10809", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10809", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13021.json b/2017/13xxx/CVE-2017-13021.json index 72df1c0e8f4..1c43ebe6878 100644 --- a/2017/13xxx/CVE-2017-13021.json +++ b/2017/13xxx/CVE-2017-13021.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/67c7126062d59729cd421bb38f9594015c9907ba", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/67c7126062d59729cd421bb38f9594015c9907ba" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/67c7126062d59729cd421bb38f9594015c9907ba", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/67c7126062d59729cd421bb38f9594015c9907ba" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14436.json b/2017/14xxx/CVE-2017-14436.json index 328ec26861d..2554ca6e7d3 100644 --- a/2017/14xxx/CVE-2017-14436.json +++ b/2017/14xxx/CVE-2017-14436.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-13T00:00:00", - "ID" : "CVE-2017-14436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa EDR-810 V4.1 build 17030317" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to \"/MOXA\\_CFG2.ini\" without a cookie header to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-13T00:00:00", + "ID": "CVE-2017-14436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa", + "version": { + "version_data": [ + { + "version_value": "Moxa EDR-810 V4.1 build 17030317" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to \"/MOXA\\_CFG2.ini\" without a cookie header to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14996.json b/2017/14xxx/CVE-2017-14996.json index 629a1a8b78a..bfd89d8d627 100644 --- a/2017/14xxx/CVE-2017-14996.json +++ b/2017/14xxx/CVE-2017-14996.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14996", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14996", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17094.json b/2017/17xxx/CVE-2017-17094.json index ec737beaa33..715285f6d57 100644 --- a/2017/17xxx/CVE-2017-17094.json +++ b/2017/17xxx/CVE-2017-17094.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171221 [SECURITY] [DLA 1216-1] wordpress security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00019.html" - }, - { - "name" : "https://codex.wordpress.org/Version_4.9.1", - "refsource" : "MISC", - "url" : "https://codex.wordpress.org/Version_4.9.1" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de", - "refsource" : "MISC", - "url" : "https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de" - }, - { - "name" : "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/", - "refsource" : "MISC", - "url" : "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8967", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8967" - }, - { - "name" : "DSA-4090", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4090" - }, - { - "name" : "102024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/8967", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8967" + }, + { + "name": "DSA-4090", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4090" + }, + { + "name": "[debian-lts-announce] 20171221 [SECURITY] [DLA 1216-1] wordpress security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00019.html" + }, + { + "name": "102024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102024" + }, + { + "name": "https://codex.wordpress.org/Version_4.9.1", + "refsource": "MISC", + "url": "https://codex.wordpress.org/Version_4.9.1" + }, + { + "name": "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/", + "refsource": "MISC", + "url": "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/" + }, + { + "name": "https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de", + "refsource": "MISC", + "url": "https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17152.json b/2017/17xxx/CVE-2017-17152.json index 89ba54fdabe..c595b176927 100644 --- a/2017/17xxx/CVE-2017-17152.json +++ b/2017/17xxx/CVE-2017-17152.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IPS,Module,NGFW,Module,NIP6300,NIP6600,Secospace,USG6300,Secospace,USG6500,Secospace,USG6600,USG9500", - "version" : { - "version_data" : [ - { - "version_value" : "IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds write vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory write, which may further lead to system exceptions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IPS,Module,NGFW,Module,NIP6300,NIP6600,Secospace,USG6300,Secospace,USG6500,Secospace,USG6600,USG9500", + "version": { + "version_data": [ + { + "version_value": "IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds write vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory write, which may further lead to system exceptions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17195.json b/2017/17xxx/CVE-2017-17195.json index 844c3806410..4ba8a592d18 100644 --- a/2017/17xxx/CVE-2017-17195.json +++ b/2017/17xxx/CVE-2017-17195.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17195", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17195", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17594.json b/2017/17xxx/CVE-2017-17594.json index 7569bfc4b1a..7e63a0d03ec 100644 --- a/2017/17xxx/CVE-2017-17594.json +++ b/2017/17xxx/CVE-2017-17594.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43235", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43235/" - }, - { - "name" : "https://packetstormsecurity.com/files/145246/DomainSale-PHP-Script-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145246/DomainSale-PHP-Script-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43235", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43235/" + }, + { + "name": "https://packetstormsecurity.com/files/145246/DomainSale-PHP-Script-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145246/DomainSale-PHP-Script-1.0-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9321.json b/2017/9xxx/CVE-2017-9321.json index 1446320cd7c..b2f348c436d 100644 --- a/2017/9xxx/CVE-2017-9321.json +++ b/2017/9xxx/CVE-2017-9321.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9321", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-9321", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9447.json b/2017/9xxx/CVE-2017-9447.json index 13395f5214c..33c36bc7549 100644 --- a/2017/9xxx/CVE-2017-9447.json +++ b/2017/9xxx/CVE-2017-9447.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the \"RASHTML5Gateway\" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "442321", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/442321/" - }, - { - "name" : "https://blog.runesec.com/2018/02/22/parallels-ras-path-traversal/", - "refsource" : "MISC", - "url" : "https://blog.runesec.com/2018/02/22/parallels-ras-path-traversal/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the \"RASHTML5Gateway\" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "442321", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/442321/" + }, + { + "name": "https://blog.runesec.com/2018/02/22/parallels-ras-path-traversal/", + "refsource": "MISC", + "url": "https://blog.runesec.com/2018/02/22/parallels-ras-path-traversal/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9505.json b/2017/9xxx/CVE-2017-9505.json index 6574aef7db6..07cf431b594 100644 --- a/2017/9xxx/CVE-2017-9505.json +++ b/2017/9xxx/CVE-2017-9505.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "ID" : "CVE-2017-9505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Confluence Server", - "version" : { - "version_data" : [ - { - "version_value" : "Versions of Confluence starting with 4.3.0 before 6.2.1 are affected by this vulnerability." - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Access Restriction Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "ID": "CVE-2017-9505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Confluence Server", + "version": { + "version_data": [ + { + "version_value": "Versions of Confluence starting with 4.3.0 before 6.2.1 are affected by this vulnerability." + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170613-0_Atlassian_Confluence_Access_Restriction_Bypass_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170613-0_Atlassian_Confluence_Access_Restriction_Bypass_v10.txt" - }, - { - "name" : "https://jira.atlassian.com/browse/CONFSERVER-52560", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CONFSERVER-52560" - }, - { - "name" : "99086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access Restriction Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99086" + }, + { + "name": "https://jira.atlassian.com/browse/CONFSERVER-52560", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CONFSERVER-52560" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170613-0_Atlassian_Confluence_Access_Restriction_Bypass_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170613-0_Atlassian_Confluence_Access_Restriction_Bypass_v10.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9595.json b/2017/9xxx/CVE-2017-9595.json index 8e9f0f095bc..b07a7167231 100644 --- a/2017/9xxx/CVE-2017-9595.json +++ b/2017/9xxx/CVE-2017-9595.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"First State Bank of Bigfork Mobile Banking\" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"First State Bank of Bigfork Mobile Banking\" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0601.json b/2018/0xxx/CVE-2018-0601.json index 931224998fe..17774441827 100644 --- a/2018/0xxx/CVE-2018-0601.json +++ b/2018/0xxx/CVE-2018-0601.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "axpdfium", - "version" : { - "version_data" : [ - { - "version_value" : "v0.01" - } - ] - } - } - ] - }, - "vendor_name" : "Yasutaka ATARASHI" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "axpdfium", + "version": { + "version_data": [ + { + "version_value": "v0.01" + } + ] + } + } + ] + }, + "vendor_name": "Yasutaka ATARASHI" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)", - "refsource" : "MISC", - "url" : "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)" - }, - { - "name" : "JVN#79301396", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN79301396/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#79301396", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN79301396/index.html" + }, + { + "name": "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)", + "refsource": "MISC", + "url": "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0677.json b/2018/0xxx/CVE-2018-0677.json index ba9bc839e92..c71c2ee302e 100644 --- a/2018/0xxx/CVE-2018-0677.json +++ b/2018/0xxx/CVE-2018-0677.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BN-SDWBP3", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.0.9 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Panasonic Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BN-SDWBP3", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.0.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Panasonic Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3", - "refsource" : "MISC", - "url" : "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3" - }, - { - "name" : "JVN#65082538", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN65082538/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#65082538", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN65082538/index.html" + }, + { + "name": "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3", + "refsource": "MISC", + "url": "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000534.json b/2018/1000xxx/CVE-2018-1000534.json index 0d9585a201d..ed28bc74e54 100644 --- a/2018/1000xxx/CVE-2018-1000534.json +++ b/2018/1000xxx/CVE-2018-1000534.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.049360", - "DATE_REQUESTED" : "2018-05-11T12:06:44", - "ID" : "CVE-2018-1000534", - "REQUESTER" : "silviavali14@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Joplin", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 1.0.90" - } - ] - } - } - ] - }, - "vendor_name" : "Joplin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. This attack appear to be exploitable via Victim synchronizing notes from the cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.049360", + "DATE_REQUESTED": "2018-05-11T12:06:44", + "ID": "CVE-2018-1000534", + "REQUESTER": "silviavali14@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89", - "refsource" : "MISC", - "url" : "https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89" - }, - { - "name" : "https://github.com/laurent22/joplin/issues/500", - "refsource" : "MISC", - "url" : "https://github.com/laurent22/joplin/issues/500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. This attack appear to be exploitable via Victim synchronizing notes from the cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/laurent22/joplin/issues/500", + "refsource": "MISC", + "url": "https://github.com/laurent22/joplin/issues/500" + }, + { + "name": "https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89", + "refsource": "MISC", + "url": "https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19242.json b/2018/19xxx/CVE-2018-19242.json index 33359f05b86..89159302574 100644 --- a/2018/19xxx/CVE-2018-19242.json +++ b/2018/19xxx/CVE-2018-19242.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181209 Multiple vulnerabilities found in Trendnet routers and IP Cameras.", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/21" - }, - { - "name" : "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html" + }, + { + "name": "20181209 Multiple vulnerabilities found in Trendnet routers and IP Cameras.", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/21" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19892.json b/2018/19xxx/CVE-2018-19892.json index d9fe065ba26..c468c364154 100644 --- a/2018/19xxx/CVE-2018-19892.json +++ b/2018/19xxx/CVE-2018-19892.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/domainmod/domainmod/issues/85", - "refsource" : "MISC", - "url" : "https://github.com/domainmod/domainmod/issues/85" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/domainmod/domainmod/issues/85", + "refsource": "MISC", + "url": "https://github.com/domainmod/domainmod/issues/85" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1148.json b/2018/1xxx/CVE-2018-1148.json index d6f661a878b..e9f749d5700 100644 --- a/2018/1xxx/CVE-2018-1148.json +++ b/2018/1xxx/CVE-2018-1148.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-05-15T00:00:00", - "ID" : "CVE-2018-1148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tenable Nessus", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to 7.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Tenable" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Session Fixation" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-05-15T00:00:00", + "ID": "CVE-2018-1148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tenable Nessus", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 7.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Tenable" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/tns-2018-05", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-05" - }, - { - "name" : "1040918", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Session Fixation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2018-05", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-05" + }, + { + "name": "1040918", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040918" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1339.json b/2018/1xxx/CVE-2018-1339.json index dc7d523091a..917ba7040ac 100644 --- a/2018/1xxx/CVE-2018-1339.json +++ b/2018/1xxx/CVE-2018-1339.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-04-25T00:00:00", - "ID" : "CVE-2018-1339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Tika", - "version" : { - "version_data" : [ - { - "version_value" : "< 1.18" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial Of Service Vulnerability -- infinite loop" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-04-25T00:00:00", + "ID": "CVE-2018-1339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tika", + "version": { + "version_data": [ + { + "version_value": "< 1.18" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20180425 [CVE-2018-1339] DoS (Infinite Loop) Vulnerability in Apache Tika's ChmParser", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E" - }, - { - "name" : "RHSA-2018:2669", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial Of Service Vulnerability -- infinite loop" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2669", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2669" + }, + { + "name": "[dev] 20180425 [CVE-2018-1339] DoS (Infinite Loop) Vulnerability in Apache Tika's ChmParser", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1446.json b/2018/1xxx/CVE-2018-1446.json index fecf924c646..016f80b97b0 100644 --- a/2018/1xxx/CVE-2018-1446.json +++ b/2018/1xxx/CVE-2018-1446.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1446", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1446", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1643.json b/2018/1xxx/CVE-2018-1643.json index 9e813a8008d..4970ec8aa12 100644 --- a/2018/1xxx/CVE-2018-1643.json +++ b/2018/1xxx/CVE-2018-1643.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-11-12T00:00:00", - "ID" : "CVE-2018-1643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144588" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "N", - "S" : "C", - "SCORE" : "6.100", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-11-12T00:00:00", + "ID": "CVE-2018-1643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10716857", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10716857" - }, - { - "name" : "106032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106032" - }, - { - "name" : "1042088", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042088" - }, - { - "name" : "ibm-websphere-cve20181643-xss(144588)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144588" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "N", + "S": "C", + "SCORE": "6.100", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10716857", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10716857" + }, + { + "name": "1042088", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042088" + }, + { + "name": "ibm-websphere-cve20181643-xss(144588)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144588" + }, + { + "name": "106032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106032" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4419.json b/2018/4xxx/CVE-2018-4419.json index fba43222f34..ef4cec7a415 100644 --- a/2018/4xxx/CVE-2018-4419.json +++ b/2018/4xxx/CVE-2018-4419.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4419", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4419", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4967.json b/2018/4xxx/CVE-2018-4967.json index 606ae651c45..3fc91f0df9a 100644 --- a/2018/4xxx/CVE-2018-4967.json +++ b/2018/4xxx/CVE-2018-4967.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" - }, - { - "name" : "104175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104175" - }, - { - "name" : "1040920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" + }, + { + "name": "1040920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040920" + }, + { + "name": "104175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104175" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4977.json b/2018/4xxx/CVE-2018-4977.json index 22bc01d8d20..ea999126d35 100644 --- a/2018/4xxx/CVE-2018-4977.json +++ b/2018/4xxx/CVE-2018-4977.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" - }, - { - "name" : "104169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104169" - }, - { - "name" : "1040920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104169" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" + }, + { + "name": "1040920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040920" + } + ] + } +} \ No newline at end of file