From 97a17ac3e42db759284038befa3de243127bb83e Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 04:05:01 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/1xxx/CVE-2004-1069.json | 150 ++++---- 2004/1xxx/CVE-2004-1109.json | 150 ++++---- 2004/1xxx/CVE-2004-1336.json | 150 ++++---- 2004/1xxx/CVE-2004-1464.json | 170 ++++----- 2004/1xxx/CVE-2004-1743.json | 170 ++++----- 2004/1xxx/CVE-2004-1821.json | 160 ++++----- 2008/2xxx/CVE-2008-2592.json | 210 +++++------ 2008/2xxx/CVE-2008-2767.json | 160 ++++----- 2008/3xxx/CVE-2008-3198.json | 150 ++++---- 2008/3xxx/CVE-2008-3246.json | 200 +++++------ 2008/3xxx/CVE-2008-3366.json | 150 ++++---- 2008/4xxx/CVE-2008-4059.json | 550 ++++++++++++++--------------- 2008/4xxx/CVE-2008-4907.json | 190 +++++----- 2008/6xxx/CVE-2008-6490.json | 140 ++++---- 2008/6xxx/CVE-2008-6847.json | 140 ++++---- 2008/6xxx/CVE-2008-6968.json | 140 ++++---- 2013/2xxx/CVE-2013-2309.json | 140 ++++---- 2013/2xxx/CVE-2013-2396.json | 130 +++---- 2013/2xxx/CVE-2013-2675.json | 34 +- 2013/2xxx/CVE-2013-2677.json | 34 +- 2013/6xxx/CVE-2013-6391.json | 190 +++++----- 2013/6xxx/CVE-2013-6800.json | 140 ++++---- 2017/11xxx/CVE-2017-11001.json | 130 +++---- 2017/11xxx/CVE-2017-11203.json | 34 +- 2017/11xxx/CVE-2017-11465.json | 130 +++---- 2017/11xxx/CVE-2017-11771.json | 142 ++++---- 2017/11xxx/CVE-2017-11935.json | 142 ++++---- 2017/14xxx/CVE-2017-14201.json | 34 +- 2017/14xxx/CVE-2017-14258.json | 120 +++---- 2017/14xxx/CVE-2017-14792.json | 34 +- 2017/14xxx/CVE-2017-14957.json | 150 ++++---- 2017/15xxx/CVE-2017-15265.json | 310 ++++++++-------- 2017/15xxx/CVE-2017-15295.json | 140 ++++---- 2017/15xxx/CVE-2017-15832.json | 36 +- 2017/15xxx/CVE-2017-15911.json | 130 +++---- 2017/15xxx/CVE-2017-15965.json | 140 ++++---- 2017/9xxx/CVE-2017-9216.json | 130 +++---- 2017/9xxx/CVE-2017-9290.json | 34 +- 2017/9xxx/CVE-2017-9476.json | 120 +++---- 2018/0xxx/CVE-2018-0429.json | 130 +++---- 2018/0xxx/CVE-2018-0855.json | 142 ++++---- 2018/1000xxx/CVE-2018-1000156.json | 274 +++++++------- 
2018/12xxx/CVE-2018-12341.json | 34 +- 2018/12xxx/CVE-2018-12581.json | 140 ++++---- 2018/16xxx/CVE-2018-16652.json | 34 +- 2018/16xxx/CVE-2018-16850.json | 206 +++++------ 2018/17xxx/CVE-2018-17996.json | 58 ++- 2018/4xxx/CVE-2018-4018.json | 34 +- 2018/4xxx/CVE-2018-4068.json | 34 +- 2018/4xxx/CVE-2018-4514.json | 34 +- 2018/4xxx/CVE-2018-4768.json | 34 +- 51 files changed, 3406 insertions(+), 3352 deletions(-) diff --git a/2004/1xxx/CVE-2004-1069.json b/2004/1xxx/CVE-2004-1069.json index 5c9e06bcf29..5ccaff2ba8c 100644 --- a/2004/1xxx/CVE-2004-1069.json +++ b/2004/1xxx/CVE-2004-1069.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20041114 [PATCH] linux 2.9.10-rc1: Fix oops in unix_dgram_sendmsg when using", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=110045613004761" - }, - { - "name" : "MDKSA-2005:022", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022" - }, - { - "name" : "20041214 [USN-38-1] Linux kernel vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110306397320336&w=2" - }, - { - "name" : "linux-sockdgramsendmsg-race-condition(18312)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2005:022", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022" + }, + { + "name": "20041214 [USN-38-1] Linux kernel vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110306397320336&w=2" + }, + { + "name": "[linux-kernel] 20041114 [PATCH] linux 2.9.10-rc1: Fix oops in unix_dgram_sendmsg when using", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=110045613004761" + }, + { + "name": "linux-sockdgramsendmsg-race-condition(18312)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18312" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1109.json b/2004/1xxx/CVE-2004-1109.json index c83fbb37f41..a8bf8c50a3f 100644 --- a/2004/1xxx/CVE-2004-1109.json +++ b/2004/1xxx/CVE-2004-1109.json 
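Review bot: The `reference_data` entries in this hunk come back in a different order on the new side (the MLIST entry moves from first to third) although no `name`, `refsource` or `url` value changes, and the new order does not appear to follow any key; the same shuffle shows in the hunks for CVE-2004-1109, CVE-2004-1336, CVE-2004-1464 and the files after them. Combined with the `"key" :` to `"key":` respacing and the re-indentation, every line of each record shows as changed, so a real edit to a description or a reference URL would be hard to spot when auditing a sync commit. The exporter should emit references in a stable order (for example sorted by `refsource`, then `name`) and keep the same serializer settings across runs, so that a sync diff contains only data changes. The new side also ends with `\ No newline at end of file`; writing a trailing newline would keep that marker out of every file.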
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "AD20041109", - "refsource" : "EEYE", - "url" : "http://www.eeye.com/html/research/advisories/AD20041109.html" - }, - { - "name" : "http://www.kerio.com/security_advisory.html", - "refsource" : "CONFIRM", - "url" : "http://www.kerio.com/security_advisory.html" - }, - { - "name" : "11639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11639" - }, - { - "name" : "kerio-pf-packet-dos(17992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kerio-pf-packet-dos(17992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17992" + }, + { + "name": "http://www.kerio.com/security_advisory.html", + "refsource": "CONFIRM", + "url": "http://www.kerio.com/security_advisory.html" + }, + { + "name": "11639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11639" + }, + { + "name": "AD20041109", + "refsource": "EEYE", + "url": "http://www.eeye.com/html/research/advisories/AD20041109.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1336.json b/2004/1xxx/CVE-2004-1336.json index 41a15b47a93..7494b6fa64a 100644 --- a/2004/1xxx/CVE-2004-1336.json +++ b/2004/1xxx/CVE-2004-1336.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 [USN-51-1] teTeX auxiliary script vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110383942014839&w=2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286370", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286370" - }, - { - "name" : "12100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12100" - }, - { - "name" : "xdvizilla-symlink(18708)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xdvizilla script 
in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12100" + }, + { + "name": "xdvizilla-symlink(18708)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18708" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286370", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286370" + }, + { + "name": "20041223 [USN-51-1] teTeX auxiliary script vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110383942014839&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1464.json b/2004/1xxx/CVE-2004-1464.json index 1eb50e78506..81326a84aae 100644 --- a/2004/1xxx/CVE-2004-1464.json +++ b/2004/1xxx/CVE-2004-1464.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040827 Cisco Telnet Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml" - }, - { - "name" : "VU#384230", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/384230" - }, - { - "name" : "11060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11060" - }, - { - "name" : "1011079", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011079" - }, - { - "name" : "12395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12395/" - }, - { - "name" : "cisco-ios-telnet-dos(17131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17131" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-ios-telnet-dos(17131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17131" + }, + { + "name": "1011079", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011079" + }, + { + "name": "VU#384230", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/384230" + }, + { + "name": "12395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12395/" + }, + { + "name": "20040827 Cisco Telnet Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml" + }, + { + "name": "11060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11060" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1743.json b/2004/1xxx/CVE-2004-1743.json index 1457264a12a..6eab6fd3204 100644 --- a/2004/1xxx/CVE-2004-1743.json +++ b/2004/1xxx/CVE-2004-1743.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040824 Easy File Sharing Webserver v1.25 Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109341398102863&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00045-08242004", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00045-08242004" - }, - { - "name" : "11034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11034" - }, - { - "name" : "1011045", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011045" - }, - { - "name" : "12372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12372" - }, - { - "name" : "easyfilesharing-obtain-info(17109)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11034" + }, + { + "name": "12372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12372" + }, + { + "name": "20040824 Easy File Sharing Webserver v1.25 Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109341398102863&w=2" + }, + { + "name": "easyfilesharing-obtain-info(17109)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17109" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00045-08242004", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00045-08242004" + }, + { + "name": "1011045", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011045" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1821.json b/2004/1xxx/CVE-2004-1821.json index af59e150a76..feb875519f2 100644 --- a/2004/1xxx/CVE-2004-1821.json +++ b/2004/1xxx/CVE-2004-1821.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040315 [waraxe-2004-SA#006 - Multiple vulnerabilities in 4nalbum module for PhpNuke]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107937780222514&w=2" - }, - { - "name" : "9881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9881" - }, - { - "name" : "4294", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4294" - }, - { - "name" : "11134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11134" - }, - { - "name" : "4nalbum-modulesphp-SQL-injection(15498)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4nalbum-modulesphp-SQL-injection(15498)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15498" + }, + { + "name": "11134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11134" + }, + { + "name": "9881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9881" + }, + { + "name": "20040315 [waraxe-2004-SA#006 - Multiple vulnerabilities in 4nalbum module for PhpNuke]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107937780222514&w=2" + }, + { + "name": "4294", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4294" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2592.json b/2008/2xxx/CVE-2008-2592.json index b118f7180aa..4a6f1f0c1d6 100644 --- a/2008/2xxx/CVE-2008-2592.json +++ b/2008/2xxx/CVE-2008-2592.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080804 Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495094/100/0/threaded" - }, - { - "name" : "20080811 Re: Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495336/100/0/threaded" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020499", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020499" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "20080804 Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495094/100/0/threaded" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "1020499", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020499" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "20080811 Re: Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495336/100/0/threaded" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2767.json b/2008/2xxx/CVE-2008-2767.json index 35498168e87..b873e5ebe6b 100644 --- a/2008/2xxx/CVE-2008-2767.json +++ b/2008/2xxx/CVE-2008-2767.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 Xigla Multiple Products - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=121322052622903&w=2" - }, - { - "name" : "http://bugreport.ir/index.php?/41", - "refsource" : "MISC", - "url" : "http://bugreport.ir/index.php?/41" - }, - { - "name" : "29672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29672" - }, - { - "name" : "3950", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3950" - }, - { - "name" : "absolutepoll-search-sql-injection(43055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugreport.ir/index.php?/41", + "refsource": "MISC", + "url": "http://bugreport.ir/index.php?/41" + }, + { + "name": "29672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29672" + }, + { + "name": "absolutepoll-search-sql-injection(43055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43055" + }, + { + "name": "20080611 Xigla Multiple Products - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=121322052622903&w=2" + }, + { + "name": "3950", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3950" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3198.json b/2008/3xxx/CVE-2008-3198.json index 47d00d97521..079dbb0b5cd 100644 --- a/2008/3xxx/CVE-2008-3198.json +++ b/2008/3xxx/CVE-2008-3198.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=441169", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=441169" - }, - { - "name" : "30244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30244" - }, - { - "name" : "firefox-chrome-xss(44199)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html" + }, + { + "name": "firefox-chrome-xss(44199)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44199" + }, + { + "name": "30244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30244" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=441169", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=441169" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3246.json b/2008/3xxx/CVE-2008-3246.json index c4638f7f985..5e7b016efb3 100644 --- a/2008/3xxx/CVE-2008-3246.json +++ b/2008/3xxx/CVE-2008-3246.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html" - }, - { - "name" : "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html" - }, - { - "name" : "VU#289235", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/289235" - }, - { - "name" : "ADV-2008-2108", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/2108/references" - }, - { - "name" : "1020505", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020505" - }, - { - "name" : "31092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31092" - }, - { - "name" : "31141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31141" - }, - { - "name" : "blackberry-es-pdf-code-execution(43840)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43840" - }, - { - "name" : "blackberry-unite-pdf-code-execution(43843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31141" + }, + { + "name": "blackberry-unite-pdf-code-execution(43843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43843" + }, + { + "name": "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html" + }, + { + "name": "blackberry-es-pdf-code-execution(43840)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43840" + }, + { + "name": "VU#289235", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/289235" + }, + { + "name": "1020505", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020505" + }, + { + "name": "31092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31092" + }, + { + "name": "ADV-2008-2108", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2108/references" + }, + { + "name": "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3366.json b/2008/3xxx/CVE-2008-3366.json index e8b83a24c14..6b76843f74b 100644 --- a/2008/3xxx/CVE-2008-3366.json +++ b/2008/3xxx/CVE-2008-3366.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6146", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6146" - }, - { - "name" : "ADV-2008-2214", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2214/references" - }, - { - "name" : "4063", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4063" - }, - { - "name" : "pliggcms-story-sql-injection(44021)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote 
attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4063", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4063" + }, + { + "name": "pliggcms-story-sql-injection(44021)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44021" + }, + { + "name": "ADV-2008-2214", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2214/references" + }, + { + "name": "6146", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6146" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4059.json b/2008/4xxx/CVE-2008-4059.json index 2558bcee8fa..9b73216ed56 100644 --- a/2008/4xxx/CVE-2008-4059.json +++ b/2008/4xxx/CVE-2008-4059.json 
@@ -1,277 +1,277 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to \"pollute XPCNativeWrappers\" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-4059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-41.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-41.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=419848", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=419848" - }, - { - "name" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~" - }, - { - "name" : "DSA-1669", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1669" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "DSA-1696", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1696" - }, - { - "name" : "DSA-1649", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1649" - }, - { - "name" : "FEDORA-2008-8401", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html" - }, - { - "name" : "FEDORA-2008-8429", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html" - }, - { - "name" : "MDVSA-2008:205", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205" - }, - { - "name" : "MDVSA-2008:206", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206" - }, - { - "name" : "RHSA-2008:0908", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0908.html" - }, - { - "name" : "RHSA-2008:0882", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0882.html" - }, - { - "name" : "SSA:2008-269-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232" - }, - { - "name" : "SSA:2008-269-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422" - }, - { - "name" : "SSA:2008-270-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "SUSE-SA:2008:050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html" - }, - { - "name" : 
"USN-647-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-647-1" - }, - { - "name" : "USN-645-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-645-1" - }, - { - "name" : "USN-645-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-645-2" - }, - { - "name" : "31346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31346" - }, - { - "name" : "oval:org.mitre.oval:def:9529", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9529" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "32185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32185" - }, - { - "name" : "32196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32196" - }, - { - "name" : "ADV-2008-2661", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2661" - }, - { - "name" : "1020915", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020915" - }, - { - "name" : "32042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32042" - }, - { - "name" : "32025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32025" - }, - { - "name" : "32092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32092" - }, - { - "name" : "32144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32144" - }, - { - "name" : "32044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32044" - }, - { - "name" : "32082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32082" - }, - { - "name" : "32845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32845" - }, - { - "name" : "31984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31984" - }, - { - "name" : "31985", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31985" - }, - { - "name" : "32007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32007" - }, - { - "name" : "32010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32010" - }, - { - "name" : "32012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32012" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - }, - { - "name" : "33434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33434" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - }, - { - "name" : "firefox2-xpcnativewrappers-code-execution(45352)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to \"pollute XPCNativeWrappers\" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32025" + }, + { + "name": "SSA:2008-269-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "FEDORA-2008-8401", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html" + }, + { + "name": "USN-645-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-645-1" + }, + { + "name": "MDVSA-2008:206", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206" + }, + { + "name": "32144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32144" + }, + { + "name": "32010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32010" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-41.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-41.html" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "USN-645-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-645-2" + }, + { + "name": "31346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31346" + }, + { + "name": "31985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31985" + }, + { + "name": "SUSE-SA:2008:050", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html" + }, + { + "name": "31984", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/31984" + }, + { + "name": "32185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32185" + }, + { + "name": "32196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32196" + }, + { + "name": "firefox2-xpcnativewrappers-code-execution(45352)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45352" + }, + { + "name": "DSA-1669", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1669" + }, + { + "name": "32042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32042" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "ADV-2008-2661", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2661" + }, + { + "name": "SSA:2008-269-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "32092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32092" + }, + { + "name": "MDVSA-2008:205", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205" + }, + { + "name": "DSA-1696", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1696" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=419848", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=419848" + }, + { + "name": "http://download.novell.com/Download?buildid=WZXONb-tqBw~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=WZXONb-tqBw~" + }, + { + "name": "FEDORA-2008-8429", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html" + }, + 
{ + "name": "1020915", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020915" + }, + { + "name": "USN-647-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-647-1" + }, + { + "name": "32007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32007" + }, + { + "name": "RHSA-2008:0882", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0882.html" + }, + { + "name": "32845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32845" + }, + { + "name": "DSA-1649", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1649" + }, + { + "name": "oval:org.mitre.oval:def:9529", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9529" + }, + { + "name": "32012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32012" + }, + { + "name": "33434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33434" + }, + { + "name": "SSA:2008-270-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123" + }, + { + "name": "32044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32044" + }, + { + "name": "RHSA-2008:0908", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0908.html" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + }, + { + "name": "32082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32082" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4907.json b/2008/4xxx/CVE-2008-4907.json index e4812c98198..1da6fcadb1d 100644 --- a/2008/4xxx/CVE-2008-4907.json +++ b/2008/4xxx/CVE-2008-4907.json 
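Review bot: In 2008/4xxx/CVE-2008-4059.json the ASSIGNER value changes from `cve@mitre.org` to `secalert@redhat.com`, a change to the record's content that is buried in what is otherwise a whitespace reformat and a reordering of `reference_data`, and the commit subject does not mention it. The other records visible in this part of the patch keep their assigner, so this looks like a deliberate reassignment, but the diff alone cannot confirm that. Consumers that attribute or filter records by ASSIGNER will see this CVE change owner, so I would land `"ASSIGNER": "secalert@redhat.com",` in its own commit, or at least name it in the message, so it can be audited apart from the formatting changes. The new file also ends without a trailing newline, as do the other files in this patch.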
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka \"invalid message address parsing bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Dovecot-news] 20081030 v1.1.6 released", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot-news/2008-October/000089.html" - }, - { - "name" : "GLSA-200812-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-16.xml" - }, - { - "name" : "USN-666-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-666-1" - }, - { - "name" : "31997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31997" - }, - { - "name" : "32479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32479" - }, - { - "name" : "32677", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32677" - }, - { - "name" : "33149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33149" - }, - { - "name" : "dovecot-mail-header-dos(46227)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka \"invalid message address parsing bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Dovecot-news] 20081030 v1.1.6 released", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot-news/2008-October/000089.html" + }, + { + "name": "33149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33149" + }, + { + "name": "dovecot-mail-header-dos(46227)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46227" + }, + { + "name": "USN-666-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-666-1" + }, + { + "name": "31997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31997" + }, + { + "name": "GLSA-200812-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-16.xml" + }, + { + "name": "32677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32677" + }, + { + "name": "32479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32479" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/6xxx/CVE-2008-6490.json b/2008/6xxx/CVE-2008-6490.json
index 2c5ca2feedd..2cf98737868 100644
--- a/2008/6xxx/CVE-2008-6490.json
+++ b/2008/6xxx/CVE-2008-6490.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/upload_file.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5407", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5407" - }, - { - "name" : "ADV-2008-1163", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1163/references" - }, - { - "name" : "flaber-updatexml-code-execution(41715)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite 
arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/upload_file.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5407", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5407" + }, + { + "name": "flaber-updatexml-code-execution(41715)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41715" + }, + { + "name": "ADV-2008-1163", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1163/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6847.json b/2008/6xxx/CVE-2008-6847.json index e90b45ff55e..16322a2b496 100644 --- a/2008/6xxx/CVE-2008-6847.json +++ b/2008/6xxx/CVE-2008-6847.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0812-exploits/preaspjob-xsscm.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0812-exploits/preaspjob-xsscm.txt" - }, - { - "name" : "32572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32572" - }, - { - "name" : "preaspjobboard-emplogin-xss(47007)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the 
msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32572" + }, + { + "name": "http://packetstormsecurity.org/0812-exploits/preaspjob-xsscm.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0812-exploits/preaspjob-xsscm.txt" + }, + { + "name": "preaspjobboard-emplogin-xss(47007)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47007" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6968.json b/2008/6xxx/CVE-2008-6968.json index fd82f2ccb8c..707af888733 100644 --- a/2008/6xxx/CVE-2008-6968.json +++ b/2008/6xxx/CVE-2008-6968.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitrustgroup.com/advisories/web-application-security-pligg", - "refsource" : "MISC", - "url" : "http://www.digitrustgroup.com/advisories/web-application-security-pligg" - }, - { - "name" : "31062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31062" - }, - { - "name" : "pligg-submit-sql-injection(45086)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) 
category and (2) id parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31062" + }, + { + "name": "http://www.digitrustgroup.com/advisories/web-application-security-pligg", + "refsource": "MISC", + "url": "http://www.digitrustgroup.com/advisories/web-application-security-pligg" + }, + { + "name": "pligg-submit-sql-injection(45086)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45086" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2309.json b/2013/2xxx/CVE-2013-2309.json index 5a1e7404d8d..676b13928db 100644 --- a/2013/2xxx/CVE-2013-2309.json +++ b/2013/2xxx/CVE-2013-2309.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"mobile version color scheme.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-2309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openpne.jp/archives/11096/", - "refsource" : "CONFIRM", - "url" : "http://www.openpne.jp/archives/11096/" - }, - { - "name" : "JVN#18501376", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN18501376/index.html" - }, - { - "name" : "JVNDB-2013-000038", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 
3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"mobile version color scheme.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openpne.jp/archives/11096/", + "refsource": "CONFIRM", + "url": "http://www.openpne.jp/archives/11096/" + }, + { + "name": "JVNDB-2013-000038", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000038" + }, + { + "name": "JVN#18501376", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN18501376/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2396.json b/2013/2xxx/CVE-2013-2396.json index 736b4d6c515..155a5fd85ad 100644 --- a/2013/2xxx/CVE-2013-2396.json +++ b/2013/2xxx/CVE-2013-2396.json 
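Review bot: The new side of the CVE-2013-2309 record still has `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` in `affects`, while its description names OpenPNE and three fixed releases (3.4.21.1, 3.6.9.1, 3.8.5.1). Scanners and inventory tools that match on the structured fields will not associate this record with any product and have to parse the free-text description instead. This hunk already changes record content (ASSIGNER goes from `cve@mitre.org` to `vultures@jpcert.or.jp`), so it would be a natural place to set `"product_name": "OpenPNE"` and add one `version_value` entry per affected branch. The CVE-2013-2396 and CVE-2013-6391 hunks later in this patch have the same combination of a changed ASSIGNER and `n/a` placeholders.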
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via vectors related to HTML OAM client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via vectors related to HTML OAM client." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2675.json b/2013/2xxx/CVE-2013-2675.json index 4edc1d4a1db..da4574819fe 100644 --- a/2013/2xxx/CVE-2013-2675.json +++ b/2013/2xxx/CVE-2013-2675.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2675", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2675", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2677.json b/2013/2xxx/CVE-2013-2677.json index 0809cc5af23..600022e922e 100644 --- a/2013/2xxx/CVE-2013-2677.json +++ b/2013/2xxx/CVE-2013-2677.json 
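Review bot: The rewritten CVE-2013-2396.json ends with `}` followed by `\ No newline at end of file`, whereas the removed side closed with a newline-terminated `}`, so the new serializer drops the final newline. Line-oriented tools handle an unterminated last line as a special case, and any later tool that restores the newline will produce a one-line diff on the closing brace of every record. Emitting a trailing newline after the final `}` avoids that. The same marker appears at the end of every other file hunk visible in this part of the patch.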
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2677", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2677", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6391.json b/2013/6xxx/CVE-2013-6391.json index 7d3f572414e..fc8bb94ce4a 100644 --- a/2013/6xxx/CVE-2013-6391.json +++ b/2013/6xxx/CVE-2013-6391.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131211 [OSSA 2013-032] Keystone trust circumvention through EC2-style tokens (CVE-2013-6391)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/11/7" - }, - { - "name" : "https://bugs.launchpad.net/keystone/+bug/1242597", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/keystone/+bug/1242597" - }, - { - "name" : "RHSA-2014:0089", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0089.html" - }, - { - "name" : "USN-2061-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2061-1" - }, - { 
- "name" : "64253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64253" - }, - { - "name" : "56079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56079" - }, - { - "name" : "56154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56154" - }, - { - "name" : "keystone-cve20136391-sec-bypass(89657)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2061-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2061-1" + }, + { + "name": "64253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64253" + }, + { + "name": "[oss-security] 20131211 [OSSA 2013-032] Keystone trust circumvention through EC2-style tokens (CVE-2013-6391)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/11/7" + }, + { + "name": "56154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56154" + }, + { + "name": "56079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56079" + }, + { + "name": "RHSA-2014:0089", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0089.html" + }, + { + "name": "https://bugs.launchpad.net/keystone/+bug/1242597", + "refsource": "CONFIRM", + "url": 
"https://bugs.launchpad.net/keystone/+bug/1242597" + }, + { + "name": "keystone-cve20136391-sec-bypass(89657)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89657" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6800.json b/2013/6xxx/CVE-2013-6800.json index 1c96e7c9444..00b28577eab 100644 --- a/2013/6xxx/CVE-2013-6800.json +++ b/2013/6xxx/CVE-2013-6800.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757", - "refsource" : "CONFIRM", - "url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757" - }, - { - "name" : "https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d", - "refsource" : "CONFIRM", - "url" : "https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d" - }, - { - "name" : "63770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d", + "refsource": "CONFIRM", + "url": "https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d" + }, + { + "name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757", + "refsource": "CONFIRM", + "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757" + }, + { + "name": "63770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63770" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11001.json b/2017/11xxx/CVE-2017-11001.json index 4e2b9818ee6..967092bab03 100644 --- a/2017/11xxx/CVE-2017-11001.json +++ b/2017/11xxx/CVE-2017-11001.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-11001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-11001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100658" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11203.json b/2017/11xxx/CVE-2017-11203.json index 5984f940098..a868e3e5d9c 100644 --- a/2017/11xxx/CVE-2017-11203.json +++ b/2017/11xxx/CVE-2017-11203.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11203", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11203", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11465.json b/2017/11xxx/CVE-2017-11465.json index bc9d7002788..0ad0cfba9fd 100644 --- a/2017/11xxx/CVE-2017-11465.json +++ b/2017/11xxx/CVE-2017-11465.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.ruby-lang.org/issues/13742", - "refsource" : "MISC", - "url" : "https://bugs.ruby-lang.org/issues/13742" - }, - { - "name" : "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344", - "refsource" : "MISC", - "url" : "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to 
cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.ruby-lang.org/issues/13742", + "refsource": "MISC", + "url": "https://bugs.ruby-lang.org/issues/13742" + }, + { + "name": "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344", + "refsource": "MISC", + "url": "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11771.json b/2017/11xxx/CVE-2017-11771.json index 7805d7f802b..6c84e267900 100644 --- a/2017/11xxx/CVE-2017-11771.json +++ b/2017/11xxx/CVE-2017-11771.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Search", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka \"Windows Search Remote Code Execution Vulnerability\"." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Search", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11771", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11771" - }, - { - "name" : "101114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101114" - }, - { - "name" : "1039538", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka \"Windows Search Remote Code Execution Vulnerability\"." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11771", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11771" + }, + { + "name": "101114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101114" + }, + { + "name": "1039538", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039538" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11935.json b/2017/11xxx/CVE-2017-11935.json index ee3d79c1439..50c03c5600a 100644 --- a/2017/11xxx/CVE-2017-11935.json +++ b/2017/11xxx/CVE-2017-11935.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-11935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office 2016 Click-to-Run (C2R)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-11935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office 2016 Click-to-Run (C2R)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935" - }, - { - "name" : "102067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102067" - }, - { - "name" : "1039989", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039989" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039989", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039989" + }, + { + "name": "102067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102067" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14201.json b/2017/14xxx/CVE-2017-14201.json index 58ee5796e72..704f649ff32 100644 --- a/2017/14xxx/CVE-2017-14201.json +++ b/2017/14xxx/CVE-2017-14201.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14201", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14201", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14258.json b/2017/14xxx/CVE-2017-14258.json index 71101180cd8..c3ac9931edb 100644 --- a/2017/14xxx/CVE-2017-14258.json +++ b/2017/14xxx/CVE-2017-14258.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/181", - "refsource" : "CONFIRM", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/181", + "refsource": "CONFIRM", + "url": "https://github.com/axiomatic-systems/Bento4/issues/181" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14792.json b/2017/14xxx/CVE-2017-14792.json index 81539d28c1e..37a4075b831 100644 --- a/2017/14xxx/CVE-2017-14792.json +++ b/2017/14xxx/CVE-2017-14792.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14792", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14792", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14957.json b/2017/14xxx/CVE-2017-14957.json index 5b6a4be61e4..82c2e08362c 100644 --- a/2017/14xxx/CVE-2017-14957.json +++ b/2017/14xxx/CVE-2017-14957.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/10/01/1", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/10/01/1" - }, - { - "name" : "https://github.com/BlogoText/blogotext/issues/318", - "refsource" : "MISC", - "url" : "https://github.com/BlogoText/blogotext/issues/318" - }, - { - "name" : "https://github.com/BlogoText/blogotext/pull/320/commits/1a283cc8ad2cda37e0a6aff8f4558b98ecbfd9c2", - "refsource" : "MISC", - "url" : "https://github.com/BlogoText/blogotext/pull/320/commits/1a283cc8ad2cda37e0a6aff8f4558b98ecbfd9c2" - }, - { - "name" : 
"https://github.com/BlogoText/blogotext/releases/tag/3.7.6", - "refsource" : "MISC", - "url" : "https://github.com/BlogoText/blogotext/releases/tag/3.7.6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlogoText/blogotext/issues/318", + "refsource": "MISC", + "url": "https://github.com/BlogoText/blogotext/issues/318" + }, + { + "name": "https://github.com/BlogoText/blogotext/pull/320/commits/1a283cc8ad2cda37e0a6aff8f4558b98ecbfd9c2", + "refsource": "MISC", + "url": "https://github.com/BlogoText/blogotext/pull/320/commits/1a283cc8ad2cda37e0a6aff8f4558b98ecbfd9c2" + }, + { + "name": "https://github.com/BlogoText/blogotext/releases/tag/3.7.6", + "refsource": "MISC", + "url": "https://github.com/BlogoText/blogotext/releases/tag/3.7.6" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/10/01/1", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/10/01/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15265.json b/2017/15xxx/CVE-2017-15265.json index ed731fd0459..e31f2976639 100644 --- a/2017/15xxx/CVE-2017-15265.json +++ b/2017/15xxx/CVE-2017-15265.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[alsa-devel] 20171011 [PATCH] ALSA: seq: Fix use-after-free at creating a port", - "refsource" : "MLIST", - "url" : "http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html" - }, - { - "name" : "[oss-security] 20171011 Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/10/11/3" - }, - { - "name" : "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" - }, - { - "name" : 
"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1062520", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1062520" - }, - { - "name" : "https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-02-01" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "RHSA-2018:0676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0676" - }, - { - "name" : "RHSA-2018:1062", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1062" - }, - { - "name" : "RHSA-2018:1130", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1130" - }, - { - "name" : "RHSA-2018:1170", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1170" - }, - { - "name" : "RHSA-2018:2390", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2390" - }, - { - "name" : "RHSA-2018:3822", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:3822" - }, - { - "name" : "RHSA-2018:3823", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3823" - }, - { - "name" : "USN-3698-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3698-2/" - }, - { - "name" : "USN-3698-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3698-1/" - }, - { - "name" : "101288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101288" - }, - { - "name" : "1039561", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20171011 Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/10/11/3" + }, + { + "name": "101288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101288" + }, + { + "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026" + }, + { + "name": "RHSA-2018:2390", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2390" + }, + { + "name": "1039561", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039561" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8" + }, + { + "name": "RHSA-2018:1062", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1062" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": 
"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "RHSA-2018:3823", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3823" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1062520", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1062520" + }, + { + "name": "RHSA-2018:0676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0676" + }, + { + "name": "https://source.android.com/security/bulletin/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-02-01" + }, + { + "name": "[alsa-devel] 20171011 [PATCH] ALSA: seq: Fix use-after-free at creating a port", + "refsource": "MLIST", + "url": "http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html" + }, + { + "name": "RHSA-2018:1170", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1170" + }, + { + "name": "USN-3698-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3698-1/" + }, + { + "name": "RHSA-2018:1130", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1130" + }, + { + "name": "RHSA-2018:3822", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3822" + }, + { + "name": "USN-3698-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3698-2/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15295.json b/2017/15xxx/CVE-2017-15295.json index 7c87196343d..975835338f9 100644 --- a/2017/15xxx/CVE-2017-15295.json +++ b/2017/15xxx/CVE-2017-15295.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/", - "refsource" : "MISC", - "url" : "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-17-033-sap-pos-missing-authentication-xpressserver/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-17-033-sap-pos-missing-authentication-xpressserver/" - }, - { - "name" : "https://erpscan.io/research/hacking-sap-pos/", - "refsource" : "MISC", - "url" : "https://erpscan.io/research/hacking-sap-pos/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xpress Server in SAP POS does not require authentication 
for read/write/delete file access. This is SAP Security Note 2520064." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/research/hacking-sap-pos/", + "refsource": "MISC", + "url": "https://erpscan.io/research/hacking-sap-pos/" + }, + { + "name": "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/", + "refsource": "MISC", + "url": "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/" + }, + { + "name": "https://erpscan.io/advisories/erpscan-17-033-sap-pos-missing-authentication-xpressserver/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-17-033-sap-pos-missing-authentication-xpressserver/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15832.json b/2017/15xxx/CVE-2017-15832.json index a5cbbd9acae..89f3d637f1d 100644 --- a/2017/15xxx/CVE-2017-15832.json +++ b/2017/15xxx/CVE-2017-15832.json 
@@ -1,19 +1,19 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-15832", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-15832", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15911.json b/2017/15xxx/CVE-2017-15911.json index a37aa5a9eb4..fad6ae5772b 100644 --- a/2017/15xxx/CVE-2017-15911.json +++ b/2017/15xxx/CVE-2017-15911.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://becomepentester.blogspot.ae/2017/10/Cross-Site-Scripting-Openfire-4.1.6-CVE-2017-15911.html", - "refsource" : "MISC", - "url" : "https://becomepentester.blogspot.ae/2017/10/Cross-Site-Scripting-Openfire-4.1.6-CVE-2017-15911.html" - }, - { - "name" : "https://issues.igniterealtime.org/browse/OF-1417", - "refsource" : "MISC", - "url" : "https://issues.igniterealtime.org/browse/OF-1417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://becomepentester.blogspot.ae/2017/10/Cross-Site-Scripting-Openfire-4.1.6-CVE-2017-15911.html", + "refsource": "MISC", + "url": "https://becomepentester.blogspot.ae/2017/10/Cross-Site-Scripting-Openfire-4.1.6-CVE-2017-15911.html" + }, + { + "name": "https://issues.igniterealtime.org/browse/OF-1417", + "refsource": "MISC", + "url": "https://issues.igniterealtime.org/browse/OF-1417" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15965.json b/2017/15xxx/CVE-2017-15965.json index db211ac751a..e33e1244214 100644 --- a/2017/15xxx/CVE-2017-15965.json +++ b/2017/15xxx/CVE-2017-15965.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43094", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43094/" - }, - { - "name" : "https://packetstormsecurity.com/files/144435/Joomla-NS-Download-Shop-2.2.6-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144435/Joomla-NS-Download-Shop-2.2.6-SQL-Injection.html" - }, - { - "name" : "101624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/144435/Joomla-NS-Download-Shop-2.2.6-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144435/Joomla-NS-Download-Shop-2.2.6-SQL-Injection.html" + }, + { + "name": "101624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101624" + }, + { + "name": "43094", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43094/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9216.json b/2017/9xxx/CVE-2017-9216.json index 31eb1c9c508..b606f724761 100644 --- a/2017/9xxx/CVE-2017-9216.json +++ b/2017/9xxx/CVE-2017-9216.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697934", - "refsource" : "MISC", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697934" - }, - { - "name" : "98680", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98680", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98680" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697934", + "refsource": "MISC", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697934" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9290.json b/2017/9xxx/CVE-2017-9290.json index 04b70a3c2cb..acbbba01476 100644 --- a/2017/9xxx/CVE-2017-9290.json +++ b/2017/9xxx/CVE-2017-9290.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9290", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9290", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9476.json b/2017/9xxx/CVE-2017-9476.json index 131ee1c1261..78033f3253c 100644 --- a/2017/9xxx/CVE-2017-9476.json +++ b/2017/9xxx/CVE-2017-9476.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-18.home-security-wifi-network.txt", - "refsource" : "MISC", - "url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-18.home-security-wifi-network.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Comcast firmware on Cisco DPC3939 (firmware version 
dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-18.home-security-wifi-network.txt", + "refsource": "MISC", + "url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-18.home-security-wifi-network.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0429.json b/2018/0xxx/CVE-2018-0429.json index a2732b31652..851e1fbfb11 100644 --- a/2018/0xxx/CVE-2018-0429.json +++ b/2018/0xxx/CVE-2018-0429.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary code via a crafted non-conformant Thor bitstream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cisco/thor/commit/18de8f9f0762c3a542b1122589edb8af859d9813", - "refsource" : "CONFIRM", - "url" : "https://github.com/cisco/thor/commit/18de8f9f0762c3a542b1122589edb8af859d9813" - }, - { - "name" : "105059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary 
code via a crafted non-conformant Thor bitstream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105059" + }, + { + "name": "https://github.com/cisco/thor/commit/18de8f9f0762c3a542b1122589edb8af859d9813", + "refsource": "CONFIRM", + "url": "https://github.com/cisco/thor/commit/18de8f9f0762c3a542b1122589edb8af859d9813" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0855.json b/2018/0xxx/CVE-2018-0855.json index 3216ba42685..0c675dc3d3c 100644 --- a/2018/0xxx/CVE-2018-0855.json +++ b/2018/0xxx/CVE-2018-0855.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-02-13T00:00:00", - "ID" : "CVE-2018-0855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Embedded OpenType (EOT) font engine", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 SP1 and Windows Server 2008 R2 SP1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka \"Windows EOT Font Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0761." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Important" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-02-13T00:00:00", + "ID": "CVE-2018-0855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Embedded OpenType (EOT) font engine", + "version": { + "version_data": [ + { + "version_value": "Windows 7 SP1 and Windows Server 2008 R2 SP1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0855", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0855" - }, - { - "name" : "102936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102936" - }, - { - "name" : "1040374", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka \"Windows EOT Font Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0761." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Important" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102936" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0855", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0855" + }, + { + "name": "1040374", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040374" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000156.json b/2018/1000xxx/CVE-2018-1000156.json index 015e529dc51..5009517d7cd 100644 --- a/2018/1000xxx/CVE-2018-1000156.json +++ b/2018/1000xxx/CVE-2018-1000156.json 
@@ -1,139 +1,139 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "4/5/2018 18:20:32", - "ID" : "CVE-2018-1000156", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Patch", - "version" : { - "version_data" : [ - { - "version_value" : "2.7.6" - } - ] - } - } - ] - }, - "vendor_name" : "GNU" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Other/Unknown" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "4/5/2018 18:20:32", + "ID": "CVE-2018-1000156", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html" - }, - { - "name" : "http://rachelbythebay.com/w/2018/04/05/bangpatch/", - "refsource" : "MISC", - "url" : "http://rachelbythebay.com/w/2018/04/05/bangpatch/" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19" - }, - { - "name" : "https://twitter.com/kurtseifried/status/982028968877436928", - "refsource" : "MISC", - "url" : "https://twitter.com/kurtseifried/status/982028968877436928" - }, - { - "name" : "https://savannah.gnu.org/bugs/index.php?53566", - "refsource" : "CONFIRM", - "url" : "https://savannah.gnu.org/bugs/index.php?53566" - }, - { - "name" : "RHSA-2018:1199", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1199" - }, - { - "name" : "RHSA-2018:1200", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1200" - }, - { - "name" : "RHSA-2018:2091", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2091" - }, - { - "name" : "RHSA-2018:2092", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2092" - }, - { - "name" : 
"RHSA-2018:2093", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2093" - }, - { - "name" : "RHSA-2018:2094", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2094" - }, - { - "name" : "RHSA-2018:2095", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2095" - }, - { - "name" : "RHSA-2018:2096", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2096" - }, - { - "name" : "RHSA-2018:2097", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2097" - }, - { - "name" : "USN-3624-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3624-1/" - }, - { - "name" : "USN-3624-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3624-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://savannah.gnu.org/bugs/index.php?53566", + "refsource": "CONFIRM", + "url": "https://savannah.gnu.org/bugs/index.php?53566" + }, + { + "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html" + }, + { + "name": "USN-3624-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3624-2/" + }, + { + "name": "USN-3624-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3624-1/" + }, + { + "name": "https://twitter.com/kurtseifried/status/982028968877436928", + "refsource": "MISC", + "url": "https://twitter.com/kurtseifried/status/982028968877436928" + }, + { + "name": "http://rachelbythebay.com/w/2018/04/05/bangpatch/", + "refsource": "MISC", + "url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/" + }, + { + "name": "RHSA-2018:2091", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2091" + }, + { + "name": "RHSA-2018:2094", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2094" + }, + { + "name": "RHSA-2018:2093", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2093" + }, + { + "name": "RHSA-2018:1200", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1200" + }, + { + "name": "RHSA-2018:2095", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2095" + }, + { + "name": "RHSA-2018:1199", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1199" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19" + }, + { + "name": "RHSA-2018:2092", + 
"refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2092" + }, + { + "name": "RHSA-2018:2097", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2097" + }, + { + "name": "RHSA-2018:2096", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2096" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12341.json b/2018/12xxx/CVE-2018-12341.json index d86a247a994..6dec928a11a 100644 --- a/2018/12xxx/CVE-2018-12341.json +++ b/2018/12xxx/CVE-2018-12341.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12341", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12341", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12581.json b/2018/12xxx/CVE-2018-12581.json index 6008ad1d1e8..58d82040952 100644 --- a/2018/12xxx/CVE-2018-12581.json +++ b/2018/12xxx/CVE-2018-12581.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2018-3/", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2018-3/" - }, - { - "name" : "104530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104530" - }, - { - "name" : "1041187", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. 
A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104530" + }, + { + "name": "1041187", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041187" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2018-3/", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2018-3/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16652.json b/2018/16xxx/CVE-2018-16652.json index f2980ef9b27..f2f030705dd 100644 --- a/2018/16xxx/CVE-2018-16652.json +++ b/2018/16xxx/CVE-2018-16652.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16652",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16652",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16850.json b/2018/16xxx/CVE-2018-16850.json
index ec739f12fe9..a8c662b2023 100644
--- a/2018/16xxx/CVE-2018-16850.json
+++ b/2018/16xxx/CVE-2018-16850.json
@@ -1,105 +1,105 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-16850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "postgresql", - "version" : { - "version_data" : [ - { - "version_value" : "11.1" - }, - { - "version_value" : "10.6" - } - ] - } - } - ] - }, - "vendor_name" : "The PostgreSQL Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-89" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-16850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "postgresql", + "version": { + "version_data": [ + { + "version_value": "11.1" + }, + { + "version_value": "10.6" + } + ] + } + } + ] + }, + "vendor_name": "The PostgreSQL Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850" - }, - { - "name" : "https://www.postgresql.org/about/news/1905/", - "refsource" : "CONFIRM", - "url" : "https://www.postgresql.org/about/news/1905/" - }, - { - "name" : "GLSA-201811-24", - "refsource" : "GENTOO", - "url" 
: "https://security.gentoo.org/glsa/201811-24" - }, - { - "name" : "RHSA-2018:3757", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3757" - }, - { - "name" : "USN-3818-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3818-1/" - }, - { - "name" : "105923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105923" - }, - { - "name" : "1042144", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3818-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3818-1/" + }, + { + "name": "RHSA-2018:3757", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3757" + }, + { + "name": "https://www.postgresql.org/about/news/1905/", + "refsource": "CONFIRM", + "url": "https://www.postgresql.org/about/news/1905/" + }, + { + "name": "1042144", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042144" + }, + { + "name": "GLSA-201811-24", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-24" + }, + { + "name": "105923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105923" + }, + { + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17996.json b/2018/17xxx/CVE-2018-17996.json index 9f175930986..e7aff2279a1 100644 --- a/2018/17xxx/CVE-2018-17996.json +++ b/2018/17xxx/CVE-2018-17996.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17996", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46379", + "url": "https://www.exploit-db.com/exploits/46379/" + }, + { + "url": "https://github.com/AndyRixon/LayerBB/commits/master", + "refsource": "MISC", + "name": "https://github.com/AndyRixon/LayerBB/commits/master" } ] } 
diff --git a/2018/4xxx/CVE-2018-4018.json b/2018/4xxx/CVE-2018-4018.json
index f1af655e6b4..eb7c9dc802a 100644
--- a/2018/4xxx/CVE-2018-4018.json
+++ b/2018/4xxx/CVE-2018-4018.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4018",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4018",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4068.json b/2018/4xxx/CVE-2018-4068.json
index e210a3d04b6..a46743d0e8d 100644
--- a/2018/4xxx/CVE-2018-4068.json
+++ b/2018/4xxx/CVE-2018-4068.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4068",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4068",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4514.json b/2018/4xxx/CVE-2018-4514.json
index 4140d44a7f3..619ea69a364 100644
--- a/2018/4xxx/CVE-2018-4514.json
+++ b/2018/4xxx/CVE-2018-4514.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4514",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4514",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4768.json b/2018/4xxx/CVE-2018-4768.json
index 19ecee46f52..1e508146203 100644
--- a/2018/4xxx/CVE-2018-4768.json
+++ b/2018/4xxx/CVE-2018-4768.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4768",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4768",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file