From b1e9113cf1640870b55b0a223a914cfec9e865a3 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 06:50:08 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2004/0xxx/CVE-2004-0443.json | 34 +--
 2004/1xxx/CVE-2004-1020.json | 190 ++++++-------
 2004/1xxx/CVE-2004-1573.json | 160 +++++------
 2004/1xxx/CVE-2004-1907.json | 170 ++++++------
 2004/1xxx/CVE-2004-1996.json | 140 +++++-----
 2008/0xxx/CVE-2008-0094.json | 180 ++++++-------
 2008/3xxx/CVE-2008-3079.json | 150 +++++------
 2008/3xxx/CVE-2008-3496.json | 180 ++++++-------
 2008/4xxx/CVE-2008-4210.json | 420 ++++++++++++++---------------
 2008/4xxx/CVE-2008-4439.json | 150 +++++------
 2008/4xxx/CVE-2008-4534.json | 170 ++++++------
 2008/4xxx/CVE-2008-4796.json | 240 ++++++++---------
 2008/6xxx/CVE-2008-6042.json | 150 +++++------
 2008/6xxx/CVE-2008-6083.json | 150 +++++------
 2008/7xxx/CVE-2008-7309.json | 130 ++++-----
 2013/2xxx/CVE-2013-2590.json | 34 +--
 2013/2xxx/CVE-2013-2628.json | 140 +++++-----
 2013/2xxx/CVE-2013-2790.json | 120 ++++-----
 2013/2xxx/CVE-2013-2931.json | 360 ++++++++++++-------------
 2013/6xxx/CVE-2013-6082.json | 34 +--
 2013/6xxx/CVE-2013-6138.json | 34 +--
 2013/6xxx/CVE-2013-6973.json | 170 ++++++------
 2017/10xxx/CVE-2017-10047.json | 142 +++++-----
 2017/10xxx/CVE-2017-10328.json | 182 ++++++-------
 2017/11xxx/CVE-2017-11658.json | 140 +++++-----
 2017/14xxx/CVE-2017-14178.json | 148 +++++-----
 2017/14xxx/CVE-2017-14340.json | 190 ++++++-------
 2017/14xxx/CVE-2017-14600.json | 120 ++++-----
 2017/14xxx/CVE-2017-14770.json | 130 ++++-----
 2017/14xxx/CVE-2017-14805.json | 34 +--
 2017/15xxx/CVE-2017-15096.json | 122 ++++-----
 2017/15xxx/CVE-2017-15285.json | 120 ++++-----
 2017/15xxx/CVE-2017-15340.json | 120 ++++-----
 2017/15xxx/CVE-2017-15584.json | 34 +--
 2017/15xxx/CVE-2017-15683.json | 34 +--
 2017/15xxx/CVE-2017-15685.json | 34 +--
 2017/9xxx/CVE-2017-9033.json | 160 +++++------
 2017/9xxx/CVE-2017-9145.json | 120 ++++-----
 2017/9xxx/CVE-2017-9197.json | 120 ++++-----
 2017/9xxx/CVE-2017-9608.json | 180 ++++++-------
 2018/0xxx/CVE-2018-0136.json | 140 +++++-----
 2018/0xxx/CVE-2018-0318.json | 140 +++++-----
 2018/0xxx/CVE-2018-0332.json | 140 +++++-----
 2018/0xxx/CVE-2018-0501.json | 150 +++++------
 2018/0xxx/CVE-2018-0642.json | 130 ++++-----
 2018/0xxx/CVE-2018-0865.json | 34 +--
 2018/1000xxx/CVE-2018-1000033.json | 134 ++++-----
 2018/12xxx/CVE-2018-12547.json | 162 +++++------
 2018/16xxx/CVE-2018-16493.json | 120 ++++-----
 2018/16xxx/CVE-2018-16808.json | 120 ++++-----
 2018/19xxx/CVE-2018-19511.json | 53 +++-
 2018/4xxx/CVE-2018-4394.json | 34 +--
 52 files changed, 3521 insertions(+), 3472 deletions(-)
diff --git a/2004/0xxx/CVE-2004-0443.json b/2004/0xxx/CVE-2004-0443.json
index 47251924ba8..69df0f51e4f 100644
--- a/2004/0xxx/CVE-2004-0443.json
+++ b/2004/0xxx/CVE-2004-0443.json
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0443", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0443", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
diff --git a/2004/1xxx/CVE-2004-1020.json b/2004/1xxx/CVE-2004-1020.json
index 10ea05f3ecd..63e87c6075b 100644
--- a/2004/1xxx/CVE-2004-1020.json
+++ b/2004/1xxx/CVE-2004-1020.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041216 PHP Input Validation Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/384663" - }, - { - "name" : "http://www.php.net/release_4_3_10.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_4_3_10.php" - }, - { - "name" : "CLA-2005:915", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915" - }, - { - "name" : "GLSA-200412-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml" - }, - { - "name" : "HPSBMA01212", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/9028" - }, - { - "name" : "MDKSA-2004:151", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:151" - }, - { - "name" : "11981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11981" - }, - { - "name" : "php-addslashes-view-files(18516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include 
statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "php-addslashes-view-files(18516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18516" + }, + { + "name": "http://www.php.net/release_4_3_10.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_4_3_10.php" + }, + { + "name": "MDKSA-2004:151", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:151" + }, + { + "name": "11981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11981" + }, + { + "name": "20041216 PHP Input Validation Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/384663" + }, + { + "name": "CLA-2005:915", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915" + }, + { + "name": "GLSA-200412-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml" + }, + { + "name": "HPSBMA01212", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/9028" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1573.json b/2004/1xxx/CVE-2004-1573.json index 67c5d9c5107..02dd5b0d58a 100644 --- a/2004/1xxx/CVE-2004-1573.json +++ b/2004/1xxx/CVE-2004-1573.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041001 Multiple Vulnerabilities in AJ-Fork", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109664986210763&w=2" - }, - { - "name" : "http://echo.or.id/adv/adv07-y3dips-2004.txt", - "refsource" : "MISC", - "url" : "http://echo.or.id/adv/adv07-y3dips-2004.txt" - }, - { - "name" : "11301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11301" - }, - { - "name" : "1011484", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011484" - }, - { - "name" : "aj-fork-usersdbphp-write-access(17571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11301" + }, + { + "name": "1011484", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011484" + }, + { + "name": "http://echo.or.id/adv/adv07-y3dips-2004.txt", + "refsource": "MISC", + "url": "http://echo.or.id/adv/adv07-y3dips-2004.txt" + }, + { + "name": "20041001 Multiple Vulnerabilities in AJ-Fork", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109664986210763&w=2" + }, + { + "name": "aj-fork-usersdbphp-write-access(17571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17571" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1907.json b/2004/1xxx/CVE-2004-1907.json index e9e0a2f198f..09aedee89ee 100644 --- a/2004/1xxx/CVE-2004-1907.json +++ b/2004/1xxx/CVE-2004-1907.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing \"%13%12%13\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040406 Kerio Personal Firewall 4 and IE 6 \"Bug\"", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-04/0061.html" - }, - { - "name" : "20040407 Kerio Personal Firewall 4.0.13 - Remote DoS (Crash)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108137421524251&w=2" - }, - { - "name" : "http://www.cipher.org.uk/index.php?p=advisories/HEX-Kerio_Personal_Firewall_Remote_DOS_7-04-2004.advisory", - "refsource" : "MISC", - "url" : "http://www.cipher.org.uk/index.php?p=advisories/HEX-Kerio_Personal_Firewall_Remote_DOS_7-04-2004.advisory" - }, - { - "name" : "10075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10075" - }, - { - "name" : "11331", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11331" - }, - { - "name" : "kerio-pf-webfilter-dos(15821)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing \"%13%12%13\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040406 Kerio Personal Firewall 4 and IE 6 \"Bug\"", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-04/0061.html" + }, + { + "name": "20040407 Kerio Personal Firewall 4.0.13 - Remote DoS (Crash)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108137421524251&w=2" + }, + { + "name": "10075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10075" + }, + { + "name": "11331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11331" + }, + { + "name": "kerio-pf-webfilter-dos(15821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15821" + }, + { + "name": "http://www.cipher.org.uk/index.php?p=advisories/HEX-Kerio_Personal_Firewall_Remote_DOS_7-04-2004.advisory", + "refsource": "MISC", + "url": "http://www.cipher.org.uk/index.php?p=advisories/HEX-Kerio_Personal_Firewall_Remote_DOS_7-04-2004.advisory" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1996.json b/2004/1xxx/CVE-2004-1996.json index 2368910a3e2..6c17cb56441 100644 --- a/2004/1xxx/CVE-2004-1996.json +++ b/2004/1xxx/CVE-2004-1996.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040505 SMF SIZE Tag Script Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108377364615934&w=2" - }, - { - "name" : "10281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10281" - }, - { - "name" : "smf-size-html-injection(16067)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040505 SMF SIZE Tag Script Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108377364615934&w=2" + }, + { + "name": "10281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10281" + }, + { + "name": "smf-size-html-injection(16067)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16067" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0094.json b/2008/0xxx/CVE-2008-0094.json index f673f180b18..3081b7fb24f 100644 --- a/2008/0xxx/CVE-2008-0094.json +++ b/2008/0xxx/CVE-2008-0094.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080102 MODx CMS Source code disclosure, local file inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485707/100/0/threaded" - }, - { - "name" : "http://modxcms.com/forums/index.php/topic,21290.0.html", - "refsource" : "CONFIRM", - "url" : "http://modxcms.com/forums/index.php/topic,21290.0.html" - }, - { - "name" : "27096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27096" - }, - { - "name" : "27097", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/27097" - }, - { - "name" : "28220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28220" - }, - { - "name" : "3522", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3522" - }, - { - "name" : "modx-ajaxsearch-file-include(39352)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3522", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3522" + }, + { + "name": "28220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28220" + }, + { + "name": "http://modxcms.com/forums/index.php/topic,21290.0.html", + "refsource": "CONFIRM", + "url": "http://modxcms.com/forums/index.php/topic,21290.0.html" + }, + { + "name": "modx-ajaxsearch-file-include(39352)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39352" + }, + { + "name": "27097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27097" + }, + { + "name": "20080102 MODx CMS Source code disclosure, local file inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485707/100/0/threaded" + }, + { + "name": "27096", + "refsource": 
"BID", + "url": "http://www.securityfocus.com/bid/27096" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3079.json b/2008/3xxx/CVE-2008-3079.json index 6299ee99eae..05c9ba79219 100644 --- a/2008/3xxx/CVE-2008-3079.json +++ b/2008/3xxx/CVE-2008-3079.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/windows/951/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/951/" - }, - { - "name" : "ADV-2008-1998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1998/references" - }, - { - "name" : "30937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30937" - }, - { - "name" : "opera-unspec-code-execution(43576)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code 
via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/951/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/951/" + }, + { + "name": "30937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30937" + }, + { + "name": "ADV-2008-1998", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1998/references" + }, + { + "name": "opera-unspec-code-execution(43576)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43576" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3496.json b/2008/3xxx/CVE-2008-3496.json index c25e09fd6a4..8ef2e7cb256 100644 --- a/2008/3xxx/CVE-2008-3496.json +++ b/2008/3xxx/CVE-2008-3496.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20080730 [patch 40/62] V4L: uvcvideo: Fix a buffer overflow in format descriptor parsing", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2008/7/30/655" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1" - }, - { - "name" : "MDVSA-2008:223", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:223" - }, - { - "name" : "SUSE-SR:2008:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" - }, - { - "name" : 
"30514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30514" - }, - { - "name" : "31982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31982" - }, - { - "name" : "linux-kernel-uvcparseformat-bo(44184)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31982" + }, + { + "name": "30514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30514" + }, + { + "name": "MDVSA-2008:223", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:223" + }, + { + "name": "SUSE-SR:2008:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" + }, + { + "name": "[linux-kernel] 20080730 [patch 40/62] V4L: uvcvideo: Fix a buffer overflow in format descriptor parsing", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2008/7/30/655" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1" + }, + { + "name": "linux-kernel-uvcparseformat-bo(44184)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44184" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/4xxx/CVE-2008-4210.json b/2008/4xxx/CVE-2008-4210.json
index 874f9cc7046..d5d9a04ad09 100644
--- a/2008/4xxx/CVE-2008-4210.json
+++ b/2008/4xxx/CVE-2008-4210.json
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080924 CVE request: kernel: open() call allows setgid bit when user is not in new file's group", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/24/5" - }, - { - "name" : "[oss-security] 20080924 Re: CVE request: kernel: open() call allows setgid bit when user is not in new file's group", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/24/8" - }, - { - "name" : "http://bugzilla.kernel.org/show_bug.cgi?id=8420", - 
"refsource" : "CONFIRM", - "url" : "http://bugzilla.kernel.org/show_bug.cgi?id=8420" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=7b82dc0e64e93f430182f36b46b79fcee87d3532", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=7b82dc0e64e93f430182f36b46b79fcee87d3532" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=463661", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=463661" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22" - }, - { - "name" : "DSA-1653", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1653" - }, - { - "name" : "MDVSA-2008:220", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:220" - }, - { - "name" : "RHSA-2008:0957", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0957.html" - }, - { - "name" : "RHSA-2008:0972", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0972.html" - }, - { - "name" : "RHSA-2008:0973", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0973.html" - }, - { - "name" : "RHSA-2008:0787", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0787.html" - }, - { - "name" : "SUSE-SR:2008:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" - }, - { - "name" : "SUSE-SA:2008:057", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html" - }, 
- { - "name" : "SUSE-SA:2008:056", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html" - }, - { - "name" : "SUSE-SA:2008:051", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html" - }, - { - "name" : "USN-679-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-679-1" - }, - { - "name" : "31368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31368" - }, - { - "name" : "oval:org.mitre.oval:def:6386", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6386" - }, - { - "name" : "oval:org.mitre.oval:def:9511", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9511" - }, - { - "name" : "32485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32485" - }, - { - "name" : "32799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32799" - }, - { - "name" : "32918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32918" - }, - { - "name" : "32759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32759" - }, - { - "name" : "33201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33201" - }, - { - "name" : "33280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33280" - }, - { - "name" : "32237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32237" - }, - { - "name" : "32344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32344" - }, - { - "name" : "32356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32356" - }, - { - "name" : "linux-kernel-open-privilege-escalation(45539)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45539" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22" + }, + { + "name": "32485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32485" + }, + { + "name": "31368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31368" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=7b82dc0e64e93f430182f36b46b79fcee87d3532", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=7b82dc0e64e93f430182f36b46b79fcee87d3532" + }, + { + "name": "32237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32237" + }, + { + "name": "RHSA-2008:0957", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html" + }, + { + "name": "RHSA-2008:0972", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0972.html" + }, + { + "name": "[oss-security] 20080924 Re: CVE request: kernel: open() call allows setgid bit when user is not in new file's group", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/24/8" + 
}, + { + "name": "SUSE-SA:2008:056", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:6386", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6386" + }, + { + "name": "33280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33280" + }, + { + "name": "DSA-1653", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1653" + }, + { + "name": "[oss-security] 20080924 CVE request: kernel: open() call allows setgid bit when user is not in new file's group", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/24/5" + }, + { + "name": "32356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32356" + }, + { + "name": "32918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32918" + }, + { + "name": "USN-679-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-679-1" + }, + { + "name": "oval:org.mitre.oval:def:9511", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9511" + }, + { + "name": "32759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32759" + }, + { + "name": "MDVSA-2008:220", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:220" + }, + { + "name": "32344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32344" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=463661", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463661" + }, + { + "name": "http://bugzilla.kernel.org/show_bug.cgi?id=8420", + "refsource": "CONFIRM", + "url": "http://bugzilla.kernel.org/show_bug.cgi?id=8420" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22", + "refsource": 
"CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22" + }, + { + "name": "RHSA-2008:0973", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0973.html" + }, + { + "name": "RHSA-2008:0787", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0787.html" + }, + { + "name": "SUSE-SA:2008:051", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html" + }, + { + "name": "32799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32799" + }, + { + "name": "linux-kernel-open-privilege-escalation(45539)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45539" + }, + { + "name": "SUSE-SA:2008:057", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html" + }, + { + "name": "SUSE-SR:2008:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" + }, + { + "name": "33201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33201" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4439.json b/2008/4xxx/CVE-2008-4439.json index dcc21cd664b..2372f1b905f 100644 --- a/2008/4xxx/CVE-2008-4439.json +++ b/2008/4xxx/CVE-2008-4439.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.datafeedstudio.com/datafeed-studio-v163-released", - "refsource" : "CONFIRM", - "url" : "http://blog.datafeedstudio.com/datafeed-studio-v163-released" - }, - { - "name" : "http://www.securityfocus.com/bid/30659/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/30659/exploit" - }, - { - "name" : "30659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30659" - }, - { - "name" : "datafeedstudio-patch-file-include(44420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44420" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/bid/30659/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/30659/exploit" + }, + { + "name": "http://blog.datafeedstudio.com/datafeed-studio-v163-released", + "refsource": "CONFIRM", + "url": "http://blog.datafeedstudio.com/datafeed-studio-v163-released" + }, + { + "name": "datafeedstudio-patch-file-include(44420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44420" + }, + { + "name": "30659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30659" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4534.json b/2008/4xxx/CVE-2008-4534.json index 61d8775f3c2..649ff9d8947 100644 --- a/2008/4xxx/CVE-2008-4534.json +++ b/2008/4xxx/CVE-2008-4534.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ec-cube.net/info/080829", - "refsource" : "CONFIRM", - "url" : "http://www.ec-cube.net/info/080829" - }, - { - "name" : "JVN#81111541", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN81111541/index.html" - }, - { - "name" : "JVNDB-2008-000065", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000065.html" - }, - { - "name" : "31509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31509" - }, - { - "name" : "32065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32065" - }, - { - "name" : "eccube-unspecified-sql-injection(45593)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45593" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31509" + }, + { + "name": "JVN#81111541", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN81111541/index.html" + }, + { + "name": "eccube-unspecified-sql-injection(45593)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45593" + }, + { + "name": "JVNDB-2008-000065", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000065.html" + }, + { + "name": "32065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32065" + }, + { + "name": "http://www.ec-cube.net/info/080829", + "refsource": "CONFIRM", + "url": "http://www.ec-cube.net/info/080829" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4796.json b/2008/4xxx/CVE-2008-4796.json index 8280f1f94dd..86d67faa301 100644 --- a/2008/4xxx/CVE-2008-4796.json +++ b/2008/4xxx/CVE-2008-4796.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080907 xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496068/100/0/threaded" - }, - { - "name" : "[oss-security] 20081101 CVE-2008-4796: snoopy triage", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/11/01/1" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=879959", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=879959" - }, - { - "name" : "https://www.nagios.org/projects/nagios-core/history/4x/", - "refsource" : 
"CONFIRM", - "url" : "https://www.nagios.org/projects/nagios-core/history/4x/" - }, - { - "name" : "DSA-1691", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1691" - }, - { - "name" : "DSA-1871", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1871" - }, - { - "name" : "GLSA-201702-26", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-26" - }, - { - "name" : "JVN#20502807", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN20502807/index.html" - }, - { - "name" : "JVNDB-2008-000074", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html" - }, - { - "name" : "31887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31887" - }, - { - "name" : "ADV-2008-2901", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2901" - }, - { - "name" : "32361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32361" - }, - { - "name" : "snoopy-snoopyclass-command-execution(46068)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "snoopy-snoopyclass-command-execution(46068)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46068" + }, + { + "name": "[oss-security] 20081101 CVE-2008-4796: snoopy triage", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/11/01/1" + }, + { + "name": "ADV-2008-2901", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2901" + }, + { + "name": "20080907 xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496068/100/0/threaded" + }, + { + "name": "31887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31887" + }, + { + "name": "DSA-1871", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1871" + }, + { + "name": "JVN#20502807", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN20502807/index.html" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=879959", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=879959" + }, + { + "name": "https://www.nagios.org/projects/nagios-core/history/4x/", + "refsource": "CONFIRM", + "url": "https://www.nagios.org/projects/nagios-core/history/4x/" + }, + { + "name": "GLSA-201702-26", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-26" + }, + { + "name": "DSA-1691", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1691" + }, + { + "name": "JVNDB-2008-000074", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html" + }, + { + "name": "32361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32361" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/6xxx/CVE-2008-6042.json b/2008/6xxx/CVE-2008-6042.json index f7c2ccfc129..2709b8b12b1 100644 --- a/2008/6xxx/CVE-2008-6042.json +++ b/2008/6xxx/CVE-2008-6042.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6518", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6518" - }, - { - "name" : "31280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31280" - }, - { - "name" : "31940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31940" - }, - { - "name" : "netart-realestate-index-sql-injection(45271)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers 
to execute arbitrary SQL commands via the ad parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netart-realestate-index-sql-injection(45271)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45271" + }, + { + "name": "31940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31940" + }, + { + "name": "6518", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6518" + }, + { + "name": "31280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31280" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6083.json b/2008/6xxx/CVE-2008-6083.json index 9cd7909ed6a..a9112065cac 100644 --- a/2008/6xxx/CVE-2008-6083.json +++ b/2008/6xxx/CVE-2008-6083.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081023 txtshop - beta 1.0 / Local File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497752/100/0/threaded" - }, - { - "name" : "6816", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6816" - }, - { - "name" : "31885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31885" - }, - { - "name" : "txtshop-header-file-include(46063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in 
header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081023 txtshop - beta 1.0 / Local File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497752/100/0/threaded" + }, + { + "name": "txtshop-header-file-include(46063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46063" + }, + { + "name": "6816", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6816" + }, + { + "name": "31885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31885" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7309.json b/2008/7xxx/CVE-2008-7309.json index 6932e0b581b..34344bd364b 100644 --- a/2008/7xxx/CVE-2008-7309.json +++ b/2008/7xxx/CVE-2008-7309.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a \"mass assignment\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment", - "refsource" : "MISC", - "url" : "http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment" - }, - { - "name" : "http://blog.mhartl.com/2008/09/21/finding-and-fixing-mass-assignment-problems-in-rails-applications/", - "refsource" : "CONFIRM", - "url" : "http://blog.mhartl.com/2008/09/21/finding-and-fixing-mass-assignment-problems-in-rails-applications/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insoshi before 20080920 does not 
properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a \"mass assignment\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment", + "refsource": "MISC", + "url": "http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment" + }, + { + "name": "http://blog.mhartl.com/2008/09/21/finding-and-fixing-mass-assignment-problems-in-rails-applications/", + "refsource": "CONFIRM", + "url": "http://blog.mhartl.com/2008/09/21/finding-and-fixing-mass-assignment-problems-in-rails-applications/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2590.json b/2013/2xxx/CVE-2013-2590.json index e47aef2f4f5..9d556c55afb 100644 --- a/2013/2xxx/CVE-2013-2590.json +++ b/2013/2xxx/CVE-2013-2590.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2590", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2590", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2628.json b/2013/2xxx/CVE-2013-2628.json index 2fde3a8e274..3e63414e425 100644 --- a/2013/2xxx/CVE-2013-2628.json +++ b/2013/2xxx/CVE-2013-2628.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2013/Dec/107" - }, - { - "name" : "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt", - "refsource" : "MISC", - "url" : "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt" - }, - { - "name" : "101154", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2013/Dec/107" + }, + { + "name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt", + "refsource": "MISC", + "url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt" + }, + { + "name": "101154", + "refsource": "OSVDB", + "url": "http://osvdb.org/101154" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2790.json b/2013/2xxx/CVE-2013-2790.json index c7699a9fde4..f0da11a37ea 100644 --- a/2013/2xxx/CVE-2013-2790.json +++ b/2013/2xxx/CVE-2013-2790.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The master-station DNP3 driver before driver19.exe, and Beta2041.exe, in IOServer allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets to TCP port 20000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-2790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-213-03", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-213-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The master-station DNP3 driver before driver19.exe, and Beta2041.exe, in IOServer allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets to TCP port 20000." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-213-03", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-213-03" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2931.json b/2013/2xxx/CVE-2013-2931.json index 662e9caed5a..b5b1e5fc046 100644 --- a/2013/2xxx/CVE-2013-2931.json +++ b/2013/2xxx/CVE-2013-2931.json 
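Review bot: `ASSIGNER` changes from `cve@mitre.org` to `ics-cert@hq.dhs.gov` in this hunk, and it is the only semantic change in a record otherwise rewritten for spacing (`"ID" : ` to `"ID": `), so it is easy to miss in review. The same reattribution is buried in CVE-2013-2931 (`security@google.com`) and CVE-2013-6973 (`psirt@cisco.com`). Consumers that filter or attribute records by `ASSIGNER` will see these entries change owner under a commit titled only "-Synchronized-Data.". I would put the reattribution in its own commit, separate from the reserialization, or at least name the affected IDs in the commit message.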
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=258723", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=258723" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=263255", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=263255" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=264574", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=264574" - }, - { - "name" : 
"https://code.google.com/p/chromium/issues/detail?id=271235", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=271235" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=282738", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=282738" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=285578", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=285578" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=286368", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=286368" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=296276", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=296276" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=296804", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=296804" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=297556", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=297556" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=299835", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=299835" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=299993", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=299993" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=302810", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=302810" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=303232", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=303232" - }, - { - "name" : 
"https://code.google.com/p/chromium/issues/detail?id=304226", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=304226" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=306255", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=306255" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=314225", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=314225" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=315823", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=315823" - }, - { - "name" : "DSA-2799", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2799" - }, - { - "name" : "openSUSE-SU-2013:1776", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html" - }, - { - "name" : "openSUSE-SU-2013:1777", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html" - }, - { - "name" : "openSUSE-SU-2013:1861", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:0065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" - }, - { - "name" : "oval:org.mitre.oval:def:19183", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=271235", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=271235" + }, + { + "name": "oval:org.mitre.oval:def:19183", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19183" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=263255", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=263255" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=285578", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=285578" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=297556", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=297556" + }, + { + "name": "openSUSE-SU-2014:0065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=282738", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=282738" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=296276", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=296276" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=303232", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=303232" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=299993", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=299993" + }, + { + "name": 
"http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=302810", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=302810" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=315823", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=315823" + }, + { + "name": "openSUSE-SU-2013:1776", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=304226", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=304226" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=264574", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=264574" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=296804", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=296804" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=258723", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=258723" + }, + { + "name": "DSA-2799", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2799" + }, + { + "name": "openSUSE-SU-2013:1861", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" + }, + { + "name": "openSUSE-SU-2013:1777", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=299835", + "refsource": "CONFIRM", + "url": 
"https://code.google.com/p/chromium/issues/detail?id=299835" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=306255", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=306255" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=286368", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=286368" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=314225", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=314225" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6082.json b/2013/6xxx/CVE-2013-6082.json index a8f9f749823..cf95b9e0404 100644 --- a/2013/6xxx/CVE-2013-6082.json +++ b/2013/6xxx/CVE-2013-6082.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6082", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6082", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6138.json b/2013/6xxx/CVE-2013-6138.json index d68c68551a0..fa596bf3b46 100644 --- a/2013/6xxx/CVE-2013-6138.json +++ b/2013/6xxx/CVE-2013-6138.json 
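Review bot: The 25 entries of `reference_data` in CVE-2013-2931 come back in a different order with no visible sort key, so the whole array shows as removed and re-added. Comparing the two sides by hand, the set looks unchanged, but the diff itself cannot show that no advisory link was dropped or altered. The sync tool should emit references in a stable order (for example the existing order, or sorted by `refsource` then `name`), so that a real addition or removal appears as a single changed entry. The same reshuffle appears in CVE-2008-6083, CVE-2013-6973 and CVE-2017-10047.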
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6973.json b/2013/6xxx/CVE-2013-6973.json index 2b5a4c622de..cc00b089f8a 100644 --- a/2013/6xxx/CVE-2013-6973.json +++ b/2013/6xxx/CVE-2013-6973.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32144", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32144" - }, - { - "name" : "20131212 Cisco WebEx Training Center Registration ID Exposure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6973" - }, - { - "name" : "64286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64286" - }, - { - "name" : "100915", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100915" - }, - { - "name" : "1029492", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029492" - }, - { - "name" : "cisco-webex-cve20136973-info-disc(89651)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/89651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131212 Cisco WebEx Training Center Registration ID Exposure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6973" + }, + { + "name": "64286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64286" + }, + { + "name": "1029492", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029492" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32144", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32144" + }, + { + "name": "100915", + "refsource": "OSVDB", + "url": "http://osvdb.org/100915" + }, + { + "name": "cisco-webex-cve20136973-info-disc(89651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89651" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10047.json b/2017/10xxx/CVE-2017-10047.json index 3bba7a62a62..6f7121af9ae 100644 --- a/2017/10xxx/CVE-2017-10047.json +++ b/2017/10xxx/CVE-2017-10047.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MICROS BellaVita", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.7.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MICROS BellaVita component of Oracle Hospitality Applications (subcomponent: Interface). The supported version that is affected is 2.7.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS BellaVita. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS BellaVita accessible data as well as unauthorized read access to a subset of MICROS BellaVita accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS BellaVita. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS BellaVita accessible data as well as unauthorized read access to a subset of MICROS BellaVita accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MICROS BellaVita", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.7.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99661" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MICROS BellaVita component of Oracle Hospitality Applications (subcomponent: Interface). The supported version that is affected is 2.7.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS BellaVita. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS BellaVita accessible data as well as unauthorized read access to a subset of MICROS BellaVita accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS BellaVita. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS BellaVita accessible data as well as unauthorized read access to a subset of MICROS BellaVita accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "99661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99661" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10328.json b/2017/10xxx/CVE-2017-10328.json index 0ca75d94e1a..f7136e9ddac 100644 --- a/2017/10xxx/CVE-2017-10328.json +++ b/2017/10xxx/CVE-2017-10328.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application Object Library", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Object Library", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101372" - }, - { - "name" : "1039592", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101372" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "1039592", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039592" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11658.json b/2017/11xxx/CVE-2017-11658.json index 08eff554d3f..b7f5aa4654a 100644 --- a/2017/11xxx/CVE-2017-11658.json +++ b/2017/11xxx/CVE-2017-11658.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890", - "refsource" : "MISC", - "url" : "https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890" - }, - { - "name" : "https://wp-rocket.me/changelog", - "refsource" : "MISC", - "url" : "https://wp-rocket.me/changelog" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8872", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the WP Rocket plugin 2.9.3 for WordPress, the 
Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890", + "refsource": "MISC", + "url": "https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890" + }, + { + "name": "https://wp-rocket.me/changelog", + "refsource": "MISC", + "url": "https://wp-rocket.me/changelog" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8872", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8872" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14178.json b/2017/14xxx/CVE-2017-14178.json index 13ba4646783..9b2bf5cbcc7 100644 --- a/2017/14xxx/CVE-2017-14178.json +++ b/2017/14xxx/CVE-2017-14178.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@ubuntu.com", - "DATE_PUBLIC" : "2017-11-09T00:00:00.000Z", - "ID" : "CVE-2017-14178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "snapd", - "version" : { - "version_data" : [ - { - "version_value" : "2.27 through 2.29.2" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "credit" : [ - "Robert Ancell" - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information leak" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2017-11-09T00:00:00.000Z", + "ID": "CVE-2017-14178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "snapd", + "version": { + "version_data": [ + { + "version_value": "2.27 through 2.29.2" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/snapcore/snapd/pull/4194", - "refsource" : "CONFIRM", - "url" : "https://github.com/snapcore/snapd/pull/4194" - }, - { - "name" : "https://launchpad.net/bugs/1730255", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/1730255" - }, - { - "name" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14178.html", - "refsource" : "CONFIRM", - "url" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14178.html" - } - ] - } -} + } + }, + "credit": [ + "Robert 
Ancell" + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14178.html", + "refsource": "CONFIRM", + "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14178.html" + }, + { + "name": "https://launchpad.net/bugs/1730255", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/1730255" + }, + { + "name": "https://github.com/snapcore/snapd/pull/4194", + "refsource": "CONFIRM", + "url": "https://github.com/snapcore/snapd/pull/4194" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14340.json b/2017/14xxx/CVE-2017-14340.json index d7afe0725fd..1cbdd8f46e7 100644 --- a/2017/14xxx/CVE-2017-14340.json +++ b/2017/14xxx/CVE-2017-14340.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b31ff3cdf540110da4572e3e29bd172087af65cc", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b31ff3cdf540110da4572e3e29bd172087af65cc" - }, - { - "name" : "http://seclists.org/oss-sec/2017/q3/436", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/oss-sec/2017/q3/436" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.2" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1491344", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1491344" - }, - { - "name" : "https://github.com/torvalds/linux/commit/b31ff3cdf540110da4572e3e29bd172087af65cc", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/b31ff3cdf540110da4572e3e29bd172087af65cc" - }, - { - "name" : "DSA-3981", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3981" - }, - { - "name" : "RHSA-2017:2918", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2918" - }, - { - "name" : "100851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100851" + }, + { + "name": "RHSA-2017:2918", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2918" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491344", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491344" + }, + { + "name": "https://github.com/torvalds/linux/commit/b31ff3cdf540110da4572e3e29bd172087af65cc", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/b31ff3cdf540110da4572e3e29bd172087af65cc" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b31ff3cdf540110da4572e3e29bd172087af65cc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b31ff3cdf540110da4572e3e29bd172087af65cc" + }, + { + "name": "DSA-3981", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3981" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.2" + }, + { + "name": "http://seclists.org/oss-sec/2017/q3/436", + "refsource": "CONFIRM", + "url": "http://seclists.org/oss-sec/2017/q3/436" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14600.json b/2017/14xxx/CVE-2017-14600.json index 2895648ad9e..9f49463326f 100644 --- a/2017/14xxx/CVE-2017-14600.json +++ b/2017/14xxx/CVE-2017-14600.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/delta/pragyan/issues/228", - "refsource" : "MISC", - "url" : "https://github.com/delta/pragyan/issues/228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/delta/pragyan/issues/228", + "refsource": "MISC", + "url": "https://github.com/delta/pragyan/issues/228" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14770.json b/2017/14xxx/CVE-2017-14770.json index c2a5544bb33..f7c9ac5c830 100644 --- a/2017/14xxx/CVE-2017-14770.json +++ b/2017/14xxx/CVE-2017-14770.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf", - "refsource" : "CONFIRM", - "url" : "https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf" - }, - { - "name" : "101069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. 
A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf", + "refsource": "CONFIRM", + "url": "https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf" + }, + { + "name": "101069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101069" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14805.json b/2017/14xxx/CVE-2017-14805.json index 4cb5dc51782..4c8218a91fc 100644 --- a/2017/14xxx/CVE-2017-14805.json +++ b/2017/14xxx/CVE-2017-14805.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14805", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14805", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/15xxx/CVE-2017-15096.json b/2017/15xxx/CVE-2017-15096.json
index 5742f294f4d..aa1b08d4e92 100644
--- a/2017/15xxx/CVE-2017-15096.json
+++ b/2017/15xxx/CVE-2017-15096.json
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-10-19T00:00:00", - "ID" : "CVE-2017-15096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GlusterFS", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Null pointer dereference" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-10-19T00:00:00", + "ID": "CVE-2017-15096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GlusterFS", + "version": { + "version_data": [ + { + "version_value": "Prior to 3.10" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1504255", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1504255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null pointer dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15285.json b/2017/15xxx/CVE-2017-15285.json index 97e195e8182..7c713b3e5da 100644 --- a/2017/15xxx/CVE-2017-15285.json +++ b/2017/15xxx/CVE-2017-15285.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an \"Add File Via URL\" action, and change the image's Description URL to reference the .php URL in the attachments/ directory." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf", - "refsource" : "MISC", - "url" : "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an \"Add File Via URL\" action, and change the image's Description URL to reference the .php URL in the attachments/ directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf", + "refsource": "MISC", + "url": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15340.json b/2017/15xxx/CVE-2017-15340.json index db57efd37c5..8c0c924b5ec 100644 --- a/2017/15xxx/CVE-2017-15340.json 
+++ b/2017/15xxx/CVE-2017-15340.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-15340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TAG-AL00", - "version" : { - "version_data" : [ - { - "version_value" : "TAG-AL00C92B168" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-15340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TAG-AL00", + "version": { + "version_data": [ + { + "version_value": "TAG-AL00C92B168" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15584.json b/2017/15xxx/CVE-2017-15584.json index c91cec1087c..51a0fbb68ea 100644 --- a/2017/15xxx/CVE-2017-15584.json +++ b/2017/15xxx/CVE-2017-15584.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15584", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15584", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15683.json b/2017/15xxx/CVE-2017-15683.json index 0158aeb02d9..cc3e667da8e 100644 --- a/2017/15xxx/CVE-2017-15683.json +++ b/2017/15xxx/CVE-2017-15683.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15683", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15683", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15685.json b/2017/15xxx/CVE-2017-15685.json index 772a1f9952c..239fb874138 100644 --- a/2017/15xxx/CVE-2017-15685.json +++ b/2017/15xxx/CVE-2017-15685.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15685", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15685", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9033.json b/2017/9xxx/CVE-2017-9033.json index 0b2f3e1833b..388da2e78f4 100644 --- a/2017/9xxx/CVE-2017-9033.json +++ b/2017/9xxx/CVE-2017-9033.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/May/91" - }, - { - "name" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : 
"https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities" - }, - { - "name" : "https://success.trendmicro.com/solution/1117411", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1117411" - }, - { - "name" : "1038548", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038548", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038548" + }, + { + "name": "https://success.trendmicro.com/solution/1117411", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1117411" + }, + { + "name": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities" + }, + { + "name": "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/May/91" + }, + { + "name": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html" + } + ] + } +} \ No newline 
at end of file diff --git a/2017/9xxx/CVE-2017-9145.json b/2017/9xxx/CVE-2017-9145.json index f7b54fc929c..dcdf4689416 100644 --- a/2017/9xxx/CVE-2017-9145.json +++ b/2017/9xxx/CVE-2017-9145.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/tikiwiki/code/62386", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/tikiwiki/code/62386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/tikiwiki/code/62386", + "refsource": "MISC", + "url": "https://sourceforge.net/p/tikiwiki/code/62386" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9197.json b/2017/9xxx/CVE-2017-9197.json index ec1059da488..bc88cb82452 100644 --- a/2017/9xxx/CVE-2017-9197.json +++ b/2017/9xxx/CVE-2017-9197.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in input-tga.c:498:55." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in input-tga.c:498:55." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9608.json b/2017/9xxx/CVE-2017-9608.json index c9a3a4c70bd..056139cef6e 100644 --- a/2017/9xxx/CVE-2017-9608.json +++ b/2017/9xxx/CVE-2017-9608.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170814 [CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/08/14/1" - }, - { - "name" : "[oss-security] 20170815 Re: [CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/08/15/8" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89" - }, - { - "name" : 
"https://github.com/FFmpeg/FFmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd" - }, - { - "name" : "DSA-3957", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3957" - }, - { - "name" : "100348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89" + }, + { + "name": "100348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100348" + }, + { + "name": "DSA-3957", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3957" + }, + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd" + }, + { + "name": "[oss-security] 20170815 Re: [CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file.", + "refsource": 
"MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/08/15/8" + }, + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e" + }, + { + "name": "[oss-security] 20170814 [CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file.", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/08/14/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0136.json b/2018/0xxx/CVE-2018-0136.json index 5ccda9712df..16c9961f381 100644 --- a/2018/0xxx/CVE-2018-0136.json +++ b/2018/0xxx/CVE-2018-0136.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Aggregation Services Router 9000 Series", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Aggregation Services Router 9000 Series" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Aggregation Services Router 9000 Series", + "version": { + "version_data": [ + { + "version_value": "Cisco Aggregation Services Router 9000 Series" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6" - }, - { - "name" : "102905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102905" - }, - { - "name" : "1040315", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. 
This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102905" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6" + }, + { + "name": "1040315", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040315" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0318.json b/2018/0xxx/CVE-2018-0318.json index 85912c55e8a..2a8318fc2c5 100644 --- a/2018/0xxx/CVE-2018-0318.json +++ b/2018/0xxx/CVE-2018-0318.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Collaboration Provisioning unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Collaboration Provisioning unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07245." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-255" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Collaboration Provisioning unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Collaboration Provisioning unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset" - }, - { - "name" : "104434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104434" - }, - { - "name" : "1041082", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07245." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-255" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041082", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041082" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset" + }, + { + "name": "104434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104434" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0332.json b/2018/0xxx/CVE-2018-0332.json index 683c5d0a7b0..2b653fa5e6a 100644 --- a/2018/0xxx/CVE-2018-0332.json +++ b/2018/0xxx/CVE-2018-0332.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified IP Phone Software unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified IP Phone Software unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified IP Phone Software unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified IP Phone Software unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos" - }, - { - "name" : "104445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104445" - }, - { - "name" : "1041074", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104445" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos" + }, + { + "name": "1041074", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041074" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0501.json b/2018/0xxx/CVE-2018-0501.json index 742c460641d..2942a756aba 100644 --- a/2018/0xxx/CVE-2018-0501.json +++ b/2018/0xxx/CVE-2018-0501.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "ID" : "CVE-2018-0501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3", - "version" : { - "version_data" : [ - { - "version_value" : "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "lack of signature verification" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2018-0501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3", + "version": { + "version_data": [ + { + "version_value": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://mirror.fail", - "refsource" : "MISC", - "url" : "https://mirror.fail" - }, - { - "name" : "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec", - "refsource" : "MISC", - "url" : "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec" - }, - { - "name" : "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47", - "refsource" : "MISC", - "url" : 
"https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47" - }, - { - "name" : "USN-3746-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3746-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "lack of signature verification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://mirror.fail", + "refsource": "MISC", + "url": "https://mirror.fail" + }, + { + "name": "USN-3746-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3746-1/" + }, + { + "name": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47", + "refsource": "MISC", + "url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47" + }, + { + "name": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec", + "refsource": "MISC", + "url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0642.json b/2018/0xxx/CVE-2018-0642.json index c3c8f04e961..8e364ad00ff 100644 --- a/2018/0xxx/CVE-2018-0642.json +++ b/2018/0xxx/CVE-2018-0642.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FV Flowplayer Video Player", - "version" : { - "version_data" : [ - { - "version_value" : "6.1.2 to 6.6.4" - } - ] - } - } - ] - }, - "vendor_name" : "Foliovision" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FV Flowplayer Video Player", + "version": { + "version_data": [ + { + "version_value": "6.1.2 to 6.6.4" + } + ] + } + } + ] + }, + "vendor_name": "Foliovision" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers" - }, - { - "name" : "JVN#70246549", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN70246549/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers" + }, + { + "name": "JVN#70246549", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN70246549/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0865.json b/2018/0xxx/CVE-2018-0865.json index 638caaf7dba..a3e5fd1e3ec 100644 --- a/2018/0xxx/CVE-2018-0865.json +++ b/2018/0xxx/CVE-2018-0865.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0865", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0865", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000033.json b/2018/1000xxx/CVE-2018-1000033.json index 2e506e9567f..649b770af9f 100644 --- a/2018/1000xxx/CVE-2018-1000033.json +++ b/2018/1000xxx/CVE-2018-1000033.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-02-01 0:00:00", - "ID" : "CVE-2018-1000033", - "REQUESTER" : "research@sec-consult.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UnZip", - "version" : { - "version_data" : [ - { - "version_value" : "6.10c22" - } - ] - } - } - ] - }, - "vendor_name" : "InfoZip" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-02-01 0:00:00", + "ID": "CVE-2018-1000033", + "REQUESTER": "research@sec-consult.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html", - "refsource" : "MISC", - "url" : "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html" - }, - { - "name" : "103031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds read exists in Info-Zip UnZip 
version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html", + "refsource": "MISC", + "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html" + }, + { + "name": "103031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103031" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12547.json b/2018/12xxx/CVE-2018-12547.json index 749d304b184..0c5004dd79a 100644 --- a/2018/12xxx/CVE-2018-12547.json +++ b/2018/12xxx/CVE-2018-12547.json 
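Review bot: Structured product and weakness data is lost on the new side of the CVE-2018-1000033 hunk: `"product_name": "UnZip"`, `"vendor_name": "InfoZip"` and `"version_value": "6.10c22"` all become `"n/a"`, and the problemtype value `Out-of-bounds Read` becomes `n/a` as well. The description still names Info-Zip UnZip 6.10c22, so a consumer that matches advisories on the `affects` or `problemtype` fields rather than parsing the description will stop matching this record after the sync. Unless the placeholders are a deliberate convention tied to the ASSIGNER change to `cve@mitre.org`, I would keep the three removed `affects` values and the removed problemtype string. The two CVE-2018-19511 hunks further down put `n/a` in the same fields for a new record whose description names Webgalamb 7.0 and CSRF.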
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "emo@eclipse.org", - "ID" : "CVE-2018-12547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Eclipse OpenJ9", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "0.12.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Eclipse Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20: Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "security@eclipse.org", + "ID": "CVE-2018-12547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eclipse OpenJ9", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "0.12.0" + } + ] + } + } + ] + }, + "vendor_name": "The Eclipse Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543659", - "refsource" : "CONFIRM", - "url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543659" - }, - { - "name" : "RHSA-2019:0469", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0469" - }, - { - "name" : "RHSA-2019:0472", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0472" - }, - { - "name" : "RHSA-2019:0473", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2019:0473" - }, - { - "name" : "RHSA-2019:0474", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2019:0474", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0474" + }, + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543659", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543659" + }, + { + "name": "RHSA-2019:0469", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0469" + }, + { + "name": "RHSA-2019:0473", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0473" + }, + { + "name": "RHSA-2019:0472", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0472" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16493.json b/2018/16xxx/CVE-2018-16493.json index f949e3a737f..715c6be57b8 100644 --- a/2018/16xxx/CVE-2018-16493.json +++ b/2018/16xxx/CVE-2018-16493.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-16493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "static-resource-server", - "version" : { - "version_data" : [ - { - "version_value" : "1.7.2" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure Through Directory Listing (CWE-548)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-16493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "static-resource-server", + "version": { + "version_data": [ + { + "version_value": "1.7.2" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/432600", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/432600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure Through Directory Listing (CWE-548)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/432600", + "refsource": "MISC", + "url": "https://hackerone.com/reports/432600" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16808.json b/2018/16xxx/CVE-2018-16808.json index e4a85235218..d1c0272a337 100644 --- a/2018/16xxx/CVE-2018-16808.json +++ b/2018/16xxx/CVE-2018-16808.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Dolibarr/dolibarr/issues/9449", - "refsource" : "MISC", - "url" : "https://github.com/Dolibarr/dolibarr/issues/9449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Dolibarr/dolibarr/issues/9449", + "refsource": "MISC", + "url": "https://github.com/Dolibarr/dolibarr/issues/9449" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19511.json b/2018/19xxx/CVE-2018-19511.json index ecd309cb539..027ffca1d64 100644 --- a/2018/19xxx/CVE-2018-19511.json +++ b/2018/19xxx/CVE-2018-19511.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19511", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2019/Jan/15", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Jan/15" } ] } diff --git a/2018/4xxx/CVE-2018-4394.json b/2018/4xxx/CVE-2018-4394.json index ccab7aa69b8..ae32cad29a7 100644 --- a/2018/4xxx/CVE-2018-4394.json +++ b/2018/4xxx/CVE-2018-4394.json 
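Review bot: The two reference objects added at the end of this CVE-2018-19511 hunk list their keys as `url`, `refsource`, `name`, while the other reference objects visible in this part of the patch use `name`, `refsource`, `url`. Key order carries no meaning in JSON, but a sync that is otherwise normalising layout will keep producing reorder-only diffs unless the generator emits one order; I would write each as `"name": "http://seclists.org/fulldisclosure/2019/Jan/15", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/15"`. Both added URLs also use plain `http://`, so a client that fetches references automatically retrieves them without transport integrity; if the sites serve HTTPS, the `https://` form would be preferable.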
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4394", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4394", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file