From b9a474a19fe931d8bc57b353454bc0a890088301 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 21:50:56 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2008/0xxx/CVE-2008-0439.json | 150 +++++++--------
2008/0xxx/CVE-2008-0605.json | 150 +++++++--------
2008/0xxx/CVE-2008-0673.json | 180 +++++++++---------
2008/0xxx/CVE-2008-0952.json | 210 ++++++++++-----------
2008/0xxx/CVE-2008-0973.json | 180 +++++++++---------
2008/1xxx/CVE-2008-1042.json | 150 +++++++--------
2008/1xxx/CVE-2008-1545.json | 170 ++++++++---------
2008/1xxx/CVE-2008-1751.json | 160 ++++++++--------
2008/1xxx/CVE-2008-1840.json | 170 ++++++++---------
2008/1xxx/CVE-2008-1864.json | 150 +++++++--------
2008/4xxx/CVE-2008-4071.json | 140 +++++++-------
2008/4xxx/CVE-2008-4181.json | 170 ++++++++---------
2008/4xxx/CVE-2008-4212.json | 190 +++++++++----------
2008/4xxx/CVE-2008-4360.json | 330 ++++++++++++++++-----------------
2013/2xxx/CVE-2013-2715.json | 180 +++++++++---------
2013/3xxx/CVE-2013-3092.json | 130 ++++++-------
2013/3xxx/CVE-2013-3275.json | 120 ++++++------
2013/3xxx/CVE-2013-3434.json | 150 +++++++--------
2013/3xxx/CVE-2013-3965.json | 34 ++--
2013/4xxx/CVE-2013-4096.json | 130 ++++++-------
2013/4xxx/CVE-2013-4363.json | 160 ++++++++--------
2013/4xxx/CVE-2013-4934.json | 270 +++++++++++++--------------
2013/6xxx/CVE-2013-6117.json | 160 ++++++++--------
2013/6xxx/CVE-2013-6673.json | 320 ++++++++++++++++----------------
2013/6xxx/CVE-2013-6900.json | 150 +++++++--------
2013/7xxx/CVE-2013-7010.json | 180 +++++++++---------
2017/10xxx/CVE-2017-10112.json | 180 +++++++++---------
2017/10xxx/CVE-2017-10229.json | 142 +++++++-------
2017/10xxx/CVE-2017-10297.json | 34 ++--
2017/10xxx/CVE-2017-10657.json | 34 ++--
2017/10xxx/CVE-2017-10973.json | 130 ++++++-------
2017/12xxx/CVE-2017-12647.json | 130 ++++++-------
2017/13xxx/CVE-2017-13464.json | 34 ++--
2017/13xxx/CVE-2017-13552.json | 34 ++--
2017/13xxx/CVE-2017-13589.json | 34 ++--
2017/13xxx/CVE-2017-13903.json | 160 ++++++++--------
2017/17xxx/CVE-2017-17481.json | 34 ++--
2017/17xxx/CVE-2017-17526.json | 120 ++++++------
2017/17xxx/CVE-2017-17799.json | 120 ++++++------
2017/17xxx/CVE-2017-17800.json | 120 ++++++------
2017/9xxx/CVE-2017-9280.json | 194 +++++++++----------
2018/0xxx/CVE-2018-0129.json | 130 ++++++-------
2018/0xxx/CVE-2018-0432.json | 164 ++++++++--------
2018/0xxx/CVE-2018-0817.json | 142 +++++++-------
2018/18xxx/CVE-2018-18205.json | 130 ++++++-------
2018/18xxx/CVE-2018-18660.json | 140 +++++++-------
2018/19xxx/CVE-2018-19042.json | 120 ++++++------
2018/19xxx/CVE-2018-19053.json | 120 ++++++------
2018/19xxx/CVE-2018-19140.json | 34 ++--
2018/19xxx/CVE-2018-19467.json | 34 ++--
2018/19xxx/CVE-2018-19821.json | 130 ++++++-------
2018/19xxx/CVE-2018-19866.json | 34 ++--
2018/1xxx/CVE-2018-1115.json | 196 ++++++++++----------
2018/1xxx/CVE-2018-1183.json | 132 ++++++-------
2018/1xxx/CVE-2018-1765.json | 34 ++--
2018/1xxx/CVE-2018-1812.json | 172 ++++++++---------
2018/1xxx/CVE-2018-1831.json | 34 ++--
57 files changed, 3865 insertions(+), 3865 deletions(-)
diff --git a/2008/0xxx/CVE-2008-0439.json b/2008/0xxx/CVE-2008-0439.json
index e13afa17c52..b0e1395f4c3 100644
--- a/2008/0xxx/CVE-2008-0439.json
+++ b/2008/0xxx/CVE-2008-0439.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080122 DeluxeBB 1.1 XSS Vulnerabilitie", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486804/100/0/threaded" - }, - { - "name" : "27401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27401" - }, - { - "name" : "3564", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3564" - }, - { - "name" : "deluxbb-attachmentsheader-xss(39829)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27401" + }, + { + "name": "20080122 DeluxeBB 1.1 XSS Vulnerabilitie", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486804/100/0/threaded" + }, + { + "name": "3564", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3564" + }, + { + "name": "deluxbb-attachmentsheader-xss(39829)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39829" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0605.json b/2008/0xxx/CVE-2008-0605.json index 7201f2a4dd0..b4317d5990c 100644 --- a/2008/0xxx/CVE-2008-0605.json +++ b/2008/0xxx/CVE-2008-0605.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/article_search_results.asp and the (2) Attach_Id parameter to operator/article/article_attachment.asp. NOTE: for vector 2, the XSS occurs in a forced SQL error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080204 [DSECRG-08-011] Astrosoft HelpDesk Multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487487/100/0/threaded" - }, - { - "name" : "20080214 [DSECRG-08-011 | FIX INFORMATION] Astrosoft HelpDesk Multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488107/100/0/threaded" - }, - { - "name" : "27610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27610" - }, - { - "name" : "3612", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/3612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/article_search_results.asp and the (2) Attach_Id parameter to operator/article/article_attachment.asp. NOTE: for vector 2, the XSS occurs in a forced SQL error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3612", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3612" + }, + { + "name": "27610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27610" + }, + { + "name": "20080214 [DSECRG-08-011 | FIX INFORMATION] Astrosoft HelpDesk Multiple XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488107/100/0/threaded" + }, + { + "name": "20080204 [DSECRG-08-011] Astrosoft HelpDesk Multiple XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487487/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0673.json b/2008/0xxx/CVE-2008-0673.json index 6c133dfbf51..c8eda4ac944 100644 --- a/2008/0xxx/CVE-2008-0673.json +++ b/2008/0xxx/CVE-2008-0673.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080206 Chat vulnerabilities in TinTin++ 1.97.9", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487687/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/rintintin-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/rintintin-adv.txt" - }, - { - "name" : "GLSA-201111-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201111-07.xml" - }, - { - "name" : "27660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27660" - }, - { - "name" : "ADV-2008-0449", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0449" - }, - { - 
"name" : "28833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28833" - }, - { - "name" : "3632", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201111-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201111-07.xml" + }, + { + "name": "3632", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3632" + }, + { + "name": "28833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28833" + }, + { + "name": "27660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27660" + }, + { + "name": "20080206 Chat vulnerabilities in TinTin++ 1.97.9", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487687/100/0/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/rintintin-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/rintintin-adv.txt" + }, + { + "name": "ADV-2008-0449", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0449" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0952.json b/2008/0xxx/CVE-2008-0952.json index a57644ef4e6..deb64d872a7 100644 --- a/2008/0xxx/CVE-2008-0952.json +++ b/2008/0xxx/CVE-2008-0952.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2008-0952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf", - "refsource" : "MISC", - "url" : "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf" - }, - { - "name" : "HPSBMA02326", - "refsource" : "HP", - "url" : "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" - }, - { - "name" : "SSRT071490", - "refsource" : "HP", - "url" : "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" - }, - { - "name" : "VU#190939", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/190939" - }, - { - "name" : "29526", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/29526" - }, - { - "name" : "29535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29535" - }, - { - "name" : "ADV-2008-1740", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1740/references" - }, - { - "name" : "1020165", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020165" - }, - { - "name" : "30516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30516" - }, - { - "name" : "hp-instantsupport-append-file-overwrite(42834)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30516" + }, + { + "name": "HPSBMA02326", + "refsource": "HP", + "url": "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" + }, + { + "name": "VU#190939", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/190939" + }, + { + "name": "29526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29526" + }, + { + "name": "ADV-2008-1740", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1740/references" + }, + { + "name": "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf", + "refsource": "MISC", + "url": "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf" + }, + { + "name": "hp-instantsupport-append-file-overwrite(42834)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42834" + }, + { + "name": "1020165", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020165" + }, + { + "name": "SSRT071490", + "refsource": "HP", + "url": "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" + }, + { + "name": "29535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29535" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0973.json b/2008/0xxx/CVE-2008-0973.json index 5aac675ca43..86fe6838c9e 100644 --- a/2008/0xxx/CVE-2008-0973.json +++ b/2008/0xxx/CVE-2008-0973.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) 4.5.0.1629, and other 4.5.0.x versions, allows remote attackers to have an unknown impact via a packet with a long string in the username field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080222 Multiple vulnerabilities in Double-Take 5.0.0.2865", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488632/100/0/threaded" - }, - { - "name" : "http://aluigi.org/poc/doubletakedown.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/doubletakedown.zip" - }, - { - "name" : "http://aluigi.altervista.org/adv/doubletakedown-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/doubletakedown-adv.txt" - }, - { - "name" : "27951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27951" - }, - { - "name" : "ADV-2008-0666", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0666" - }, - { - 
"name" : "29075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29075" - }, - { - "name" : "3698", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) 4.5.0.1629, and other 4.5.0.x versions, allows remote attackers to have an unknown impact via a packet with a long string in the username field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0666", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0666" + }, + { + "name": "http://aluigi.altervista.org/adv/doubletakedown-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/doubletakedown-adv.txt" + }, + { + "name": "3698", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3698" + }, + { + "name": "27951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27951" + }, + { + "name": "http://aluigi.org/poc/doubletakedown.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/doubletakedown.zip" + }, + { + "name": "29075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29075" + }, + { + "name": "20080222 Multiple vulnerabilities in Double-Take 5.0.0.2865", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488632/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1042.json b/2008/1xxx/CVE-2008-1042.json index c03249d5a0d..152d7625469 100644 --- a/2008/1xxx/CVE-2008-1042.json +++ b/2008/1xxx/CVE-2008-1042.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5183", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5183" - }, - { - "name" : "27961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27961" - }, - { - "name" : "29089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29089" - }, - { - "name" : "phpdownloadmanager-body-file-include(40795)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in include/body.inc.php in Linux 
Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29089" + }, + { + "name": "5183", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5183" + }, + { + "name": "27961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27961" + }, + { + "name": "phpdownloadmanager-body-file-include(40795)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40795" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1545.json b/2008/1xxx/CVE-2008-1545.json index a12f2c5bd75..0076812386c 100644 --- a/2008/1xxx/CVE-2008-1545.json +++ b/2008/1xxx/CVE-2008-1545.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a \"Transfer-Encoding: chunked\" header and a request body with an incorrect chunk size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080321 [MSA01240108] IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489960/100/0/threaded" - }, - { - "name" : "http://www.mindedsecurity.com/MSA01240108.html", - "refsource" : "MISC", - "url" : "http://www.mindedsecurity.com/MSA01240108.html" - }, - { - "name" : "ADV-2008-0980", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0980" - }, - { - "name" : "29453", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/29453" - }, - { - "name" : "3786", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3786" - }, - { - "name" : "ie-setrequestheader-chunk-security-bypass(42804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a \"Transfer-Encoding: chunked\" header and a request body with an incorrect chunk size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29453", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29453" + }, + { + "name": "3786", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3786" + }, + { + "name": "http://www.mindedsecurity.com/MSA01240108.html", + "refsource": "MISC", + "url": "http://www.mindedsecurity.com/MSA01240108.html" + }, + { + "name": "ADV-2008-0980", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0980" + }, + { + "name": "20080321 [MSA01240108] IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489960/100/0/threaded" + }, + { + "name": "ie-setrequestheader-chunk-security-bypass(42804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42804" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/1xxx/CVE-2008-1751.json b/2008/1xxx/CVE-2008-1751.json
index 461ca4a3f3c..d5b2c6a296f 100644
--- a/2008/1xxx/CVE-2008-1751.json
+++ b/2008/1xxx/CVE-2008-1751.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5423", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5423" - }, - { - "name" : "28724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28724" - }, - { - "name" : "44362", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/44362" - }, - { - "name" : "29776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29776" - }, - { - "name" : "ksemail-index-file-include(41749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal 
vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44362", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/44362" + }, + { + "name": "ksemail-index-file-include(41749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41749" + }, + { + "name": "29776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29776" + }, + { + "name": "5423", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5423" + }, + { + "name": "28724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28724" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1840.json b/2008/1xxx/CVE-2008-1840.json index 0d20f904e40..a706f8199f8 100644 --- a/2008/1xxx/CVE-2008-1840.json +++ b/2008/1xxx/CVE-2008-1840.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069" - }, - { - "name" : "28766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28766" - }, - { - "name" : "44345", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/44345" - }, - { - "name" : "29795", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/29795" - }, - { - "name" : "coppermine-upload-sql-injection(41784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coppermine-upload-sql-injection(41784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069" + }, + { + "name": "28766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28766" + }, + { + "name": "29795", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29795" + }, + { + "name": "44345", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/44345" + }, + { + "name": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html", + "refsource": "CONFIRM", + "url": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1864.json b/2008/1xxx/CVE-2008-1864.json index 00906a2b910..0b7b906d17b 100644 --- a/2008/1xxx/CVE-2008-1864.json +++ b/2008/1xxx/CVE-2008-1864.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5390", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5390" - }, - { - "name" : "28653", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28653" - }, - { - "name" : "29723", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29723" - }, - { - "name" : "prozillafreelancers-project-sql-injection(41705)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project 
parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "prozillafreelancers-project-sql-injection(41705)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41705" + }, + { + "name": "28653", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28653" + }, + { + "name": "29723", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29723" + }, + { + "name": "5390", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5390" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4071.json b/2008/4xxx/CVE-2008-4071.json index 352e9bba4b4..208fcb69455 100644 --- a/2008/4xxx/CVE-2008-4071.json +++ b/2008/4xxx/CVE-2008-4071.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6424", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6424" - }, - { - "name" : "4257", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4257" - }, - { - "name" : "adobe-acrobat-activex-dos(45195)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service 
(browser crash) via an src property value with an invalid acroie:// URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6424", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6424" + }, + { + "name": "4257", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4257" + }, + { + "name": "adobe-acrobat-activex-dos(45195)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45195" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4181.json b/2008/4xxx/CVE-2008-4181.json index 186cc9b9cea..015297a37a9 100644 --- a/2008/4xxx/CVE-2008-4181.json +++ b/2008/4xxx/CVE-2008-4181.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6461", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6461" - }, - { - "name" : "http://www.netenberg.com/forum/index.php?topic=6768.0", - "refsource" : "CONFIRM", - "url" : "http://www.netenberg.com/forum/index.php?topic=6768.0" - }, - { - "name" : "31196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31196" - }, - { - "name" : "31863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31863" - }, - { - "name" : "4301", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4301" - }, - { - "name" : "fantastico-xml-file-include(45147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fantastico-xml-file-include(45147)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45147" + }, + { + "name": "31196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31196" + }, + { + "name": "4301", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4301" + }, + { + "name": "6461", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6461" + }, + { + "name": "http://www.netenberg.com/forum/index.php?topic=6768.0", + "refsource": "CONFIRM", + "url": "http://www.netenberg.com/forum/index.php?topic=6768.0" + }, + { + "name": "31863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31863" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4212.json b/2008/4xxx/CVE-2008-4212.json index 8d5693d8178..adbe997b1b3 100644 --- a/2008/4xxx/CVE-2008-4212.json +++ b/2008/4xxx/CVE-2008-4212.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3216", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3216" - }, - { - "name" : "APPLE-SA-2008-10-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" - }, - { - "name" : "31681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31681" - }, - { - "name" : "31708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31708" - }, - { - "name" : "ADV-2008-2780", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2780" - }, - { - "name" : "1021028", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1021028" - }, - { - "name" : "32222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32222" - }, - { - "name" : "macosx-rlogin-weak-security(45785)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31681" + }, + { + "name": "31708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31708" + }, + { + "name": "1021028", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021028" + }, + { + "name": "32222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32222" + }, + { + "name": "ADV-2008-2780", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2780" + }, + { + "name": "macosx-rlogin-weak-security(45785)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45785" + }, + { + "name": "APPLE-SA-2008-10-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT3216", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3216" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/4xxx/CVE-2008-4360.json b/2008/4xxx/CVE-2008-4360.json index 4d958ce24b9..2b52504af24 100644 --- a/2008/4xxx/CVE-2008-4360.json +++ b/2008/4xxx/CVE-2008-4360.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081030 rPSA-2008-0309-1 lighttpd", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497932/100/0/threaded" - }, - { - "name" : "[oss-security] 20080930 Re: CVE request: lighttpd issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2008/09/30/1" - }, - { - "name" : "[oss-security] 20080930 Re: CVE request: lighttpd issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2008/09/30/2" - }, - { - "name" : "[oss-security] 20080930 Re: Re: CVE request: lighttpd issues", - 
"refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2008/09/30/3" - }, - { - "name" : "http://trac.lighttpd.net/trac/changeset/2283", - "refsource" : "CONFIRM", - "url" : "http://trac.lighttpd.net/trac/changeset/2283" - }, - { - "name" : "http://trac.lighttpd.net/trac/changeset/2308", - "refsource" : "CONFIRM", - "url" : "http://trac.lighttpd.net/trac/changeset/2308" - }, - { - "name" : "http://trac.lighttpd.net/trac/ticket/1589", - "refsource" : "CONFIRM", - "url" : "http://trac.lighttpd.net/trac/ticket/1589" - }, - { - "name" : "http://www.lighttpd.net/security/lighttpd-1.4.x_userdir_lowercase.patch", - "refsource" : "CONFIRM", - "url" : "http://www.lighttpd.net/security/lighttpd-1.4.x_userdir_lowercase.patch" - }, - { - "name" : "http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt", - "refsource" : "CONFIRM", - "url" : "http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0309", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0309" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309" - }, - { - "name" : "DSA-1645", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1645" - }, - { - "name" : "GLSA-200812-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-04.xml" - }, - { - "name" : "SUSE-SR:2008:026", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" - }, - { - "name" : "31600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31600" - }, - { - "name" : "ADV-2008-2741", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2741" - }, - { - "name" : "32132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32132" - }, - { - "name" : "32069", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32069" - }, - { - "name" : "32834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32834" - }, - { - "name" : "32972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32972" - }, - { - "name" : "32480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32480" - }, - { - "name" : "lighttpd-moduserdir-info-disclosure(45689)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32069" + }, + { + "name": "http://www.lighttpd.net/security/lighttpd-1.4.x_userdir_lowercase.patch", + "refsource": "CONFIRM", + "url": "http://www.lighttpd.net/security/lighttpd-1.4.x_userdir_lowercase.patch" + }, + { + "name": "32972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32972" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0309", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0309" + }, + { + "name": "31600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31600" + }, + { + "name": "32834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32834" + }, + { + "name": "http://trac.lighttpd.net/trac/changeset/2283", + "refsource": "CONFIRM", + "url": "http://trac.lighttpd.net/trac/changeset/2283" + }, + { + "name": "lighttpd-moduserdir-info-disclosure(45689)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45689" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309" + }, + { + "name": "32132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32132" + }, + { + "name": "http://trac.lighttpd.net/trac/changeset/2308", + "refsource": "CONFIRM", + "url": "http://trac.lighttpd.net/trac/changeset/2308" + }, + { + "name": "[oss-security] 20080930 Re: CVE request: lighttpd issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2008/09/30/1" + }, + { + "name": "20081030 rPSA-2008-0309-1 lighttpd", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497932/100/0/threaded" + }, + { + "name": 
"ADV-2008-2741", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2741" + }, + { + "name": "DSA-1645", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1645" + }, + { + "name": "[oss-security] 20080930 Re: Re: CVE request: lighttpd issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2008/09/30/3" + }, + { + "name": "[oss-security] 20080930 Re: CVE request: lighttpd issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2008/09/30/2" + }, + { + "name": "32480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32480" + }, + { + "name": "SUSE-SR:2008:026", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" + }, + { + "name": "http://trac.lighttpd.net/trac/ticket/1589", + "refsource": "CONFIRM", + "url": "http://trac.lighttpd.net/trac/ticket/1589" + }, + { + "name": "GLSA-200812-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-04.xml" + }, + { + "name": "http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt", + "refsource": "CONFIRM", + "url": "http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2715.json b/2013/2xxx/CVE-2013-2715.json index 3a84bec22ba..d50ed64f409 100644 --- a/2013/2xxx/CVE-2013-2715.json +++ b/2013/2xxx/CVE-2013-2715.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130114 Re: CVE request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/01/15/3" - }, - { - "name" : "https://drupal.org/node/1884332", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1884332" - }, - { - "name" : "http://drupalcode.org/project/search_api.git/commitdiff/d22cf53", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/search_api.git/commitdiff/d22cf53" - }, - { - "name" : "https://drupal.org/node/1884076", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1884076" - }, - { - "name" : "89116", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/89116" - }, - { - "name" : "51806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51806" - }, - { - "name" : "drupal-searchapi-fieldnames-xss(81154)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "89116", + "refsource": "OSVDB", + "url": "http://osvdb.org/89116" + }, + { + "name": "51806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51806" + }, + { + "name": "[oss-security] 20130114 Re: CVE request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" + }, + { + "name": "http://drupalcode.org/project/search_api.git/commitdiff/d22cf53", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/search_api.git/commitdiff/d22cf53" + }, + { + "name": "https://drupal.org/node/1884076", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1884076" + }, + { + "name": "drupal-searchapi-fieldnames-xss(81154)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81154" + }, + { + "name": "https://drupal.org/node/1884332", + "refsource": "MISC", + "url": "https://drupal.org/node/1884332" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3092.json b/2013/3xxx/CVE-2013-3092.json index ee86476f5ff..6d9214f7fda 100644 
--- a/2013/3xxx/CVE-2013-3092.json +++ b/2013/3xxx/CVE-2013-3092.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", - "refsource" : "MISC", - "url" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" - }, - { - "name" : "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php", - "refsource" : "MISC", - "url" : "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation 
of the HTTP Authorization header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", + "refsource": "MISC", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" + }, + { + "name": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php", + "refsource": "MISC", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3275.json b/2013/3xxx/CVE-2013-3275.json index e8d4691efca..3ea899cc845 100644 --- a/2013/3xxx/CVE-2013-3275.json +++ b/2013/3xxx/CVE-2013-3275.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to \"cross frame scripting vulnerabilities.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-3275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to \"cross frame 
scripting vulnerabilities.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3434.json b/2013/3xxx/CVE-2013-3434.json index 8343a614d8c..8a73137a26c 100644 --- a/2013/3xxx/CVE-2013-3434.json +++ b/2013/3xxx/CVE-2013-3434.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm" - }, - { - "name" : "61296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61296" - }, - { - "name" : "95403", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95403" - }, - { - "name" : "54249", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61296" + }, + { + "name": "54249", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54249" + }, + { + "name": "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm" + }, + { + "name": "95403", + "refsource": "OSVDB", + "url": "http://osvdb.org/95403" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3965.json b/2013/3xxx/CVE-2013-3965.json index 86083e5375b..936490394cf 100644 --- a/2013/3xxx/CVE-2013-3965.json +++ b/2013/3xxx/CVE-2013-3965.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3965",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-3965",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/4xxx/CVE-2013-4096.json b/2013/4xxx/CVE-2013-4096.json
index beb94e88315..96100a03ff6 100644
--- a/2013/4xxx/CVE-2013-4096.json
+++ b/2013/4xxx/CVE-2013-4096.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/121862/DS3-Authentication-Server-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121862/DS3-Authentication-Server-Command-Execution.html" - }, - { - "name" : "http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt", - "refsource" : "MISC", - "url" : "http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the 
HOST_NAME field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt", + "refsource": "MISC", + "url": "http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt" + }, + { + "name": "http://packetstormsecurity.com/files/121862/DS3-Authentication-Server-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121862/DS3-Authentication-Server-Command-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4363.json b/2013/4xxx/CVE-2013-4363.json index f702b0ab641..3b9b2e407a8 100644 --- a/2013/4xxx/CVE-2013-4363.json +++ b/2013/4xxx/CVE-2013-4363.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/14/3" - }, - { - "name" : "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/18/8" - }, - { - "name" : "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/20/1" - }, - { - "name" : "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html", - "refsource" : "CONFIRM", - "url" : "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html" - }, - { - "name" : "https://puppet.com/security/cve/cve-2013-4363", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2013-4363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU 
consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppet.com/security/cve/cve-2013-4363", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2013-4363" + }, + { + "name": "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8" + }, + { + "name": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html", + "refsource": "CONFIRM", + "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html" + }, + { + "name": "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3" + }, + { + "name": "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4934.json b/2013/4xxx/CVE-2013-4934.json index 978056717dd..890a4747063 100644 --- a/2013/4xxx/CVE-2013-4934.json +++ b/2013/4xxx/CVE-2013-4934.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/netmon.c?r1=49697&r2=49696&pathrev=49697", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/netmon.c?r1=49697&r2=49696&pathrev=49697" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49697", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49697" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html" - }, - { - "name" : 
"http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8742", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8742" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2013-51.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2013-51.html" - }, - { - "name" : "DSA-2734", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2734" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "RHSA-2014:0341", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0341.html" - }, - { - "name" : "openSUSE-SU-2013:1295", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html" - }, - { - "name" : "openSUSE-SU-2013:1300", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html" - }, - { - "name" : "oval:org.mitre.oval:def:17584", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17584" - }, - { - "name" : "54178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54178" - }, - { - "name" : "54371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54371" - }, - { - "name" : "54296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54296" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The netmon_open function in wiretap/netmon.c in 
the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/netmon.c?r1=49697&r2=49696&pathrev=49697", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/netmon.c?r1=49697&r2=49696&pathrev=49697" + }, + { + "name": "54371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54371" + }, + { + "name": "openSUSE-SU-2013:1300", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html" + }, + { + "name": "54178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54178" + }, + { + "name": "oval:org.mitre.oval:def:17584", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17584" + }, + { + "name": "RHSA-2014:0341", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "DSA-2734", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2734" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2013-51.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2013-51.html" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + 
}, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49697", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49697" + }, + { + "name": "openSUSE-SU-2013:1295", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html" + }, + { + "name": "54296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54296" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8742", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8742" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6117.json b/2013/6xxx/CVE-2013-6117.json index 30d30746d14..d17389f6dc1 100644 --- a/2013/6xxx/CVE-2013-6117.json +++ b/2013/6xxx/CVE-2013-6117.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131113 Dahua DVR Authentication Bypass - CVE-2013-6117", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2013/Nov/62" - }, - { - "name" : "29673", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/29673" - }, - { - "name" : "http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html", - "refsource" : "MISC", - "url" : "http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html" - }, - { - "name" : "http://packetstormsecurity.com/files/124022/Dahua-DVR-Authentication-Bypass.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/124022/Dahua-DVR-Authentication-Bypass.html" - }, - { - "name" : "99783", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/99783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131113 Dahua DVR Authentication Bypass - CVE-2013-6117", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2013/Nov/62" + }, + { + "name": "99783", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/99783" + }, + { + "name": "http://packetstormsecurity.com/files/124022/Dahua-DVR-Authentication-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124022/Dahua-DVR-Authentication-Bypass.html" + }, + { + "name": "29673", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/29673" + }, + { + "name": "http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html", + "refsource": "MISC", + "url": "http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6673.json b/2013/6xxx/CVE-2013-6673.json index fba736e862c..60b5fa0cce8 100644 --- a/2013/6xxx/CVE-2013-6673.json +++ b/2013/6xxx/CVE-2013-6673.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-6673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-113.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-113.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=917380", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=917380" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" 
: "FEDORA-2013-23127", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" - }, - { - "name" : "FEDORA-2013-23291", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html" - }, - { - "name" : "FEDORA-2013-23295", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html" - }, - { - "name" : "FEDORA-2013-23519", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2013:1957", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html" - }, - { - "name" : "openSUSE-SU-2013:1958", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html" - }, - { - "name" : "openSUSE-SU-2013:1959", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html" - }, - { - "name" : "openSUSE-SU-2014:0008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" - }, - { - "name" : "SUSE-SU-2013:1919", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:1916", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" - }, - { - "name" : "openSUSE-SU-2013:1917", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" - }, - { - "name" : "openSUSE-SU-2013:1918", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" - }, - { - "name" : "USN-2052-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2052-1" - }, - { - "name" : "USN-2053-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2053-1" - }, - { - "name" : "64213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64213" - }, - { - "name" : "1029470", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029470" - }, - { - "name" : "1029476", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64213" + }, + { + "name": "openSUSE-SU-2013:1958", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html" + }, + { + "name": "SUSE-SU-2013:1919", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html" + }, + { + "name": "openSUSE-SU-2013:1957", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html" + }, + { + "name": "FEDORA-2013-23127", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" + }, + { + "name": "FEDORA-2013-23519", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" + }, + { + "name": "1029470", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029470" + }, + { + "name": "openSUSE-SU-2013:1917", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" + }, + { + "name": "openSUSE-SU-2013:1959", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "openSUSE-SU-2013:1916", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" + }, + { + "name": "openSUSE-SU-2014:0008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" + }, + { + "name": "1029476", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029476" + }, + { + "name": "openSUSE-SU-2013:1918", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" + }, + { + "name": "FEDORA-2013-23291", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html" + }, + { + "name": "USN-2052-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2052-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=917380", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=917380" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-113.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-113.html" + }, + { + "name": 
"USN-2053-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2053-1" + }, + { + "name": "FEDORA-2013-23295", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6900.json b/2013/6xxx/CVE-2013-6900.json index f89a433c9b8..0f5640c11d3 100644 --- a/2013/6xxx/CVE-2013-6900.json +++ b/2013/6xxx/CVE-2013-6900.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-6900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/20131202up01.php", - "refsource" : "MISC", - "url" : "http://cs.cybozu.co.jp/information/20131202up01.php" - }, - { - "name" : "https://support.cybozu.com/ja-jp/article/6153", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/6153" - }, - { - "name" : "JVN#23981867", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN23981867/index.html" - }, - { - "name" : "JVNDB-2013-000113", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cs.cybozu.co.jp/information/20131202up01.php", + "refsource": "MISC", + "url": "http://cs.cybozu.co.jp/information/20131202up01.php" + }, + { + "name": "JVNDB-2013-000113", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" + }, + { + "name": "JVN#23981867", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN23981867/index.html" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/6153", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/6153" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7010.json b/2013/7xxx/CVE-2013-7010.json index 9920302099e..100add84a86 100644 --- a/2013/7xxx/CVE-2013-7010.json +++ b/2013/7xxx/CVE-2013-7010.json 
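Review bot: The `ASSIGNER` line at the top of the CVE-2013-6900 hunk changes from `cve@mitre.org` to `vultures@jpcert.or.jp`, the only value change in a hunk that otherwise just reformats and reorders. Under the subject "-Synchronized-Data." it is easy to miss. Anyone who filters or audits records by assigning CNA would want this attribution change named in the commit message, or kept in a commit separate from the formatting pass. The new side also ends with `\ No newline at end of file`, here and in every other file section visible in this part of the diff. Keeping the terminating newline the old side had avoids a spurious last-line change on the next sync.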
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/11/26/7" - }, - { - "name" : "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/12/08/3" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760" - }, - { - "name" 
: "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11", - "refsource" : "CONFIRM", - "url" : "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11" - }, - { - "name" : "DSA-2855", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2855" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2855", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2855" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/12/08/3" + }, + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760" + }, + { + "name": "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11", + "refsource": "CONFIRM", + "url": "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11" + }, + { + "name": "[oss-security] 20131126 CVE 
Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/11/26/7" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10112.json b/2017/10xxx/CVE-2017-10112.json index 04fd1030716..996ff1ab398 100644 --- a/2017/10xxx/CVE-2017-10112.json +++ b/2017/10xxx/CVE-2017-10112.json 
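Review bot: The `reference_data` array in the CVE-2013-7010 hunk holds the same seven entries on both sides, but the new side lists them in a different order with no visible sort key. The CVE-2013-6900, CVE-2017-10112, CVE-2017-10229, CVE-2017-10973, CVE-2017-12647 and CVE-2017-13903 hunks show the same pattern. JSON array order carries no meaning for these records, yet unstable output makes every sync rewrite whole blocks and hides a reference that was really added or dropped. Emitting the entries in a deterministic order, for example sorted by `url`, would keep later diffs limited to real changes.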
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iStore", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iStore", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99663" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file 
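Review bot: The `problemtype` value on the new side of CVE-2017-10112 is still a multi-sentence impact statement copied from the description rather than a weakness class, so tooling that groups records by `problemtype` has nothing to match on. The commit carries the text over unchanged, and the same applies to CVE-2017-10229 later in the diff. If the source advisory gives no weakness identifier, a short class label would serve consumers better than the duplicated paragraph. The CVSS score and vector, which appear only inside the `description` string, would likewise be easier to consume from a structured field.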
diff --git a/2017/10xxx/CVE-2017-10229.json b/2017/10xxx/CVE-2017-10229.json index f8a6c73592c..251c092025a 100644 --- a/2017/10xxx/CVE-2017-10229.json +++ b/2017/10xxx/CVE-2017-10229.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Cruise Materials Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "7.30.562" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: Event Viewer). The supported version that is affected is 7.30.562. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Cruise Materials Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.30.562" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99691" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: Event Viewer). The supported version that is affected is 7.30.562. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99691" + }, + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10297.json b/2017/10xxx/CVE-2017-10297.json index 4c4238ec8ba..442429aaa98 100644 --- a/2017/10xxx/CVE-2017-10297.json +++ b/2017/10xxx/CVE-2017-10297.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10297", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10297", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10657.json b/2017/10xxx/CVE-2017-10657.json index 35bc4268851..18e3e7f0d9a 100644 --- a/2017/10xxx/CVE-2017-10657.json +++ b/2017/10xxx/CVE-2017-10657.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10657", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10657", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10973.json b/2017/10xxx/CVE-2017-10973.json index 38c3b1915d3..cdc16fee771 100644 --- a/2017/10xxx/CVE-2017-10973.json +++ b/2017/10xxx/CVE-2017-10973.json 
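Review bot: The new side of CVE-2017-10657 emits its keys in a different order from every other record in this part of the diff. `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `ID` precedes `ASSIGNER` inside it, while the neighbouring RESERVED records such as CVE-2017-10297 keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order has no meaning to a JSON parser, but the mix suggests this file came through a different serializer than the rest. That will cause avoidable churn when the other tool next touches it. Writing all records through one serializer with a fixed key order would keep the repository consistent.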
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/andrzuk/FineCMS/pull/10", - "refsource" : "CONFIRM", - "url" : "https://github.com/andrzuk/FineCMS/pull/10" - }, - { - "name" : "https://github.com/andrzuk/FineCMS/pull/11", - "refsource" : "CONFIRM", - "url" : "https://github.com/andrzuk/FineCMS/pull/11" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/andrzuk/FineCMS/pull/11", + "refsource": "CONFIRM", + "url": "https://github.com/andrzuk/FineCMS/pull/11" + }, + { + "name": "https://github.com/andrzuk/FineCMS/pull/10", + "refsource": "CONFIRM", + "url": "https://github.com/andrzuk/FineCMS/pull/10" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12647.json b/2017/12xxx/CVE-2017-12647.json index 19eddae182f..25168e3ea72 100644 --- a/2017/12xxx/CVE-2017-12647.json +++ b/2017/12xxx/CVE-2017-12647.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities", - "refsource" : "CONFIRM", - "url" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities" - }, - { - "name" : "https://github.com/brianchandotcom/liferay-portal/pull/48901", - "refsource" : "CONFIRM", - "url" : "https://github.com/brianchandotcom/liferay-portal/pull/48901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/brianchandotcom/liferay-portal/pull/48901", + "refsource": "CONFIRM", + "url": "https://github.com/brianchandotcom/liferay-portal/pull/48901" + }, + { + "name": "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities", + "refsource": "CONFIRM", + "url": "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13464.json b/2017/13xxx/CVE-2017-13464.json index a6521dd6235..1712d85f507 100644 --- a/2017/13xxx/CVE-2017-13464.json +++ b/2017/13xxx/CVE-2017-13464.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13464", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13464", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13552.json b/2017/13xxx/CVE-2017-13552.json index 6b5c9baa661..f2b082cef61 100644 --- a/2017/13xxx/CVE-2017-13552.json +++ b/2017/13xxx/CVE-2017-13552.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13552", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13552", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13589.json b/2017/13xxx/CVE-2017-13589.json index 084997f010d..b8d1f032d0e 100644 --- a/2017/13xxx/CVE-2017-13589.json +++ b/2017/13xxx/CVE-2017-13589.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13589", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13589", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13903.json b/2017/13xxx/CVE-2017-13903.json index 94ef89baeeb..8adbfe751e9 100644 --- a/2017/13xxx/CVE-2017-13903.json +++ b/2017/13xxx/CVE-2017-13903.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the \"HomeKit\" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.engadget.com/2017/12/21/apple-ignored-a-major-homekit-security-flaw-for-six-weeks/", - "refsource" : "MISC", - "url" : "https://www.engadget.com/2017/12/21/apple-ignored-a-major-homekit-security-flaw-for-six-weeks/" - }, - { - "name" : "https://support.apple.com/HT208357", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208357" - }, - { - "name" : "https://support.apple.com/HT208359", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208359" - }, - { - "name" : "102182", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/102182" - }, - { - "name" : "1040008", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the \"HomeKit\" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208359", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208359" + }, + { + "name": "https://www.engadget.com/2017/12/21/apple-ignored-a-major-homekit-security-flaw-for-six-weeks/", + "refsource": "MISC", + "url": "https://www.engadget.com/2017/12/21/apple-ignored-a-major-homekit-security-flaw-for-six-weeks/" + }, + { + "name": "1040008", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040008" + }, + { + "name": "102182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102182" + }, + { + "name": "https://support.apple.com/HT208357", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208357" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17481.json b/2017/17xxx/CVE-2017-17481.json index f640022c483..c311f11c625 100644 --- a/2017/17xxx/CVE-2017-17481.json +++ b/2017/17xxx/CVE-2017-17481.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17481", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17481", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17526.json b/2017/17xxx/CVE-2017-17526.json index a326b0b8465..da8254da24d 100644 --- a/2017/17xxx/CVE-2017-17526.json +++ b/2017/17xxx/CVE-2017-17526.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2017-17526", - "refsource" : "MISC", - "url" : "https://security-tracker.debian.org/tracker/CVE-2017-17526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-tracker.debian.org/tracker/CVE-2017-17526", + "refsource": "MISC", + "url": "https://security-tracker.debian.org/tracker/CVE-2017-17526" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17799.json b/2017/17xxx/CVE-2017-17799.json index 8137f626064..8e5af98ff5f 100644 --- a/2017/17xxx/CVE-2017-17799.json +++ b/2017/17xxx/CVE-2017-17799.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/8.5.65/0x82730068", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/8.5.65/0x82730068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/8.5.65/0x82730068", + "refsource": "MISC", + "url": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/8.5.65/0x82730068" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17800.json b/2017/17xxx/CVE-2017-17800.json index b74d9401bcb..7ca90671111 100644 --- a/2017/17xxx/CVE-2017-17800.json +++ b/2017/17xxx/CVE-2017-17800.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17798." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/8.5.65/0x8273A0A0", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/8.5.65/0x8273A0A0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17798." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/8.5.65/0x8273A0A0", + "refsource": "MISC", + "url": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/8.5.65/0x8273A0A0" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9280.json b/2017/9xxx/CVE-2017-9280.json index db7c98d2181..5850b02e418 100644 --- a/2017/9xxx/CVE-2017-9280.json +++ b/2017/9xxx/CVE-2017-9280.json 
@@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.com", - "DATE_PUBLIC" : "2017-09-11T00:00:00.000Z", - "ID" : "CVE-2017-9280", - "STATE" : "PUBLIC", - "TITLE" : "Novell Identity Manager User Application get request url contains the session token." - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-09-11T00:00:00.000Z", + "ID": "CVE-2017-9280", + "STATE": "PUBLIC", + "TITLE": "Novell Identity Manager User Application get request url contains the session token." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager Applications", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.5.6.1" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Identity Manager Applications", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "4.5.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" + "lang": "eng", + "value": "Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 4.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information exposure due to unencrypted credentials in GET Urls" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-598" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1049143", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1049143" - }, - { - "name" : "https://download.novell.com/Download?buildid=K7lbPAGJyIk~", - "refsource" : "CONFIRM", - "url" : "https://download.novell.com/Download?buildid=K7lbPAGJyIk~" - } - ] - }, - "source" : { - "defect" : [ - "1049143" - ], - "discovery" : "EXTERNAL" - } -} + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information exposure due to unencrypted credentials in GET Urls" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-598" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~", + "refsource": "CONFIRM", + 
"url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1049143", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143" + } + ] + }, + "source": { + "defect": [ + "1049143" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0129.json b/2018/0xxx/CVE-2018-0129.json index cd0f5fc03ad..6c3fc8ad288 100644 --- a/2018/0xxx/CVE-2018-0129.json +++ b/2018/0xxx/CVE-2018-0129.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Data Center Analytics Framework", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Data Center Analytics Framework" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02088." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Data Center Analytics Framework", + "version": { + "version_data": [ + { + "version_value": "Cisco Data Center Analytics Framework" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-dcaf1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-dcaf1" - }, - { - "name" : "102959", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02088." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-dcaf1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-dcaf1" + }, + { + "name": "102959", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102959" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0432.json b/2018/0xxx/CVE-2018-0432.json index 9f108efb621..a6bf3bd63bc 100644 --- a/2018/0xxx/CVE-2018-0432.json +++ b/2018/0xxx/CVE-2018-0432.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-05T16:00:00-0500", - "ID" : "CVE-2018-0432", - "STATE" : "PUBLIC", - "TITLE" : "Cisco SD-WAN Solution Privilege Escalation Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco SD-WAN Solution ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "8.8", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-05T16:00:00-0500", + "ID": "CVE-2018-0432", + "STATE": "PUBLIC", + "TITLE": "Cisco SD-WAN Solution Privilege Escalation Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco SD-WAN Solution ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180905 Cisco SD-WAN Solution Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-escalation" - }, - { - "name" : "105296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105296" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180905-sd-wan-escalation", - "defect" : [ - [ - "CSCvi69801" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.8", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105296" + }, + { + "name": "20180905 Cisco SD-WAN Solution Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-escalation" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180905-sd-wan-escalation", + "defect": [ + [ + "CSCvi69801" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0817.json b/2018/0xxx/CVE-2018-0817.json index 14caabcba48..2f48dc61691 100644 --- a/2018/0xxx/CVE-2018-0817.json +++ b/2018/0xxx/CVE-2018-0817.json 
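Review bot: In the CVE-2018-0432 record the rewritten `impact.cvss` block still carries the score as a string, `"baseScore": "8.8"`, whereas CVE-2017-9280 in this same commit uses a number (`"baseScore": 4.3`). Tooling that filters or sorts records by numeric severity will either reject this record or compare it lexically. Since the sync re-emits the line anyway, it should be written as `"baseScore": 8.8`. The same record nests `defect` one level deeper (`[["CSCvi69801"]]`) than CVE-2017-9280's `["1049143"]`, and its `product_name` ends in a trailing space (`"Cisco SD-WAN Solution "`), which defeats exact-match product lookups. Both look like submission artefacts worth normalising, though the intended schema is not visible on this page.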
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows GDI Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0815 and CVE-2018-0816." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0817", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0817" - }, - { - "name" : "103249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103249" - }, - { - "name" : "1040515", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows GDI Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0815 and CVE-2018-0816." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0817", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0817" + }, + { + "name": "1040515", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040515" + }, + { + "name": "103249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103249" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18205.json b/2018/18xxx/CVE-2018-18205.json index 1d4de38aa7a..defcc011235 100644 --- a/2018/18xxx/CVE-2018-18205.json +++ b/2018/18xxx/CVE-2018-18205.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cnvd.org.cn/flaw/show/1420913", - "refsource" : "MISC", - "url" : "http://www.cnvd.org.cn/flaw/show/1420913" - }, - { - "name" : "https://github.com/pudding2/CC8800-CMTS", - "refsource" : "MISC", - "url" : "https://github.com/pudding2/CC8800-CMTS" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cnvd.org.cn/flaw/show/1420913", + "refsource": "MISC", + "url": "http://www.cnvd.org.cn/flaw/show/1420913" + }, + { + "name": "https://github.com/pudding2/CC8800-CMTS", + "refsource": "MISC", + "url": "https://github.com/pudding2/CC8800-CMTS" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18660.json b/2018/18xxx/CVE-2018-18660.json index cb5bb9205a6..e2b0ddeeb6c 100644 --- a/2018/18xxx/CVE-2018-18660.json +++ b/2018/18xxx/CVE-2018-18660.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.arcserve.com/s/article/360001392563?language=en_US", - "refsource" : "MISC", - "url" : "https://support.arcserve.com/s/article/360001392563?language=en_US" - }, - { - "name" : "https://support.arcserve.com/s/article/Security-vulnerabilities-with-Arcserve-UDP-and-fixes-for-them?language=en_US", - "refsource" : "MISC", - "url" : "https://support.arcserve.com/s/article/Security-vulnerabilities-with-Arcserve-UDP-and-fixes-for-them?language=en_US" - }, - { - "name" : "https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/", - "refsource" : "MISC", - "url" : "https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.arcserve.com/s/article/360001392563?language=en_US", + "refsource": "MISC", + "url": "https://support.arcserve.com/s/article/360001392563?language=en_US" + }, + { + "name": "https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/", + "refsource": "MISC", + "url": "https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/" + }, + { + "name": "https://support.arcserve.com/s/article/Security-vulnerabilities-with-Arcserve-UDP-and-fixes-for-them?language=en_US", + "refsource": "MISC", + "url": "https://support.arcserve.com/s/article/Security-vulnerabilities-with-Arcserve-UDP-and-fixes-for-them?language=en_US" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19042.json b/2018/19xxx/CVE-2018-19042.json index abfab63df07..85b168f5974 100644 --- a/2018/19xxx/CVE-2018-19042.json +++ b/2018/19xxx/CVE-2018-19042.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45809", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45809/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45809", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45809/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19053.json b/2018/19xxx/CVE-2018-19053.json index f3fd5a122be..b8703eceb48 100644 --- a/2018/19xxx/CVE-2018-19053.json +++ b/2018/19xxx/CVE-2018-19053.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a \"SET GLOBAL general_log_file\" statement, followed by a SELECT statement containing this PHP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Pbootcms/Pbootcms/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/Pbootcms/Pbootcms/issues/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a \"SET GLOBAL general_log_file\" statement, followed by a SELECT statement containing this PHP code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Pbootcms/Pbootcms/issues/2", + "refsource": "MISC", + "url": "https://github.com/Pbootcms/Pbootcms/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19140.json b/2018/19xxx/CVE-2018-19140.json index 41307480a77..4a5add510fb 100644 --- a/2018/19xxx/CVE-2018-19140.json +++ b/2018/19xxx/CVE-2018-19140.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19140", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19140", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19467.json b/2018/19xxx/CVE-2018-19467.json index e7c1948618e..6beabf93d8b 100644 --- a/2018/19xxx/CVE-2018-19467.json +++ b/2018/19xxx/CVE-2018-19467.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19467", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19467", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19821.json b/2018/19xxx/CVE-2018-19821.json index 105e91653f0..1e35773fc8a 100644 --- a/2018/19xxx/CVE-2018-19821.json +++ b/2018/19xxx/CVE-2018-19821.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/SecurityPolicies.jsp\" has reflected XSS via the ConnPoolName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/20" - }, - { - "name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 
(build 51029). The page \"/VPortal/mgtconsole/SecurityPolicies.jsp\" has reflected XSS via the ConnPoolName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" + }, + { + "name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/20" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19866.json b/2018/19xxx/CVE-2018-19866.json index cb23fa7211e..e24e0c29358 100644 --- a/2018/19xxx/CVE-2018-19866.json +++ b/2018/19xxx/CVE-2018-19866.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19866", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19866", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1115.json b/2018/1xxx/CVE-2018-1115.json index 4e8a26867e8..330030d65ce 100644 --- a/2018/1xxx/CVE-2018-1115.json +++ b/2018/1xxx/CVE-2018-1115.json 
@@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-1115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "postgresql", - "version" : { - "version_data" : [ - { - "version_value" : "postegresql 10.4" - }, - { - "version_value" : " postegresql 9.6.9" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-1115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "postgresql", + "version": { + "version_data": [ + { + "version_value": "postegresql 10.4" + }, + { + "version_value": " postegresql 9.6.9" + } + ] + } + } + ] + }, + "vendor_name": "" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115" - }, - { - "name" : "https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7b34740", - "refsource" : "CONFIRM", - "url" : 
"https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7b34740" - }, - { - "name" : "GLSA-201810-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-08" - }, - { - "name" : "RHSA-2018:2565", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2565" - }, - { - "name" : "RHSA-2018:2566", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2566" - }, - { - "name" : "104285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201810-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-08" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115" + }, + { + "name": "RHSA-2018:2566", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2566" + }, + { + "name": "RHSA-2018:2565", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2565" + }, + { + "name": "104285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104285" + }, + { + "name": "https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7b34740", + "refsource": "CONFIRM", + "url": "https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7b34740" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1183.json b/2018/1xxx/CVE-2018-1183.json index 79f4acddfd6..0afa893490f 100644 --- a/2018/1xxx/CVE-2018-1183.json +++ b/2018/1xxx/CVE-2018-1183.json 
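Review bot: The `impact.cvss` entry on the new side of the CVE-2018-1115 hunk carries `"vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L"`, which prefixes the score to the vector, so a consumer that parses CVSS 3.0 vectors strictly will likely reject or mis-score the record; the value should read `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L"` with the 4.2 base score in a field of its own. The `affects` data in the same hunk is also hard to match automatically against an asset inventory: `"vendor_name": ""` is empty, both `version_value` strings spell the product "postegresql", and the second has a leading space (`" postegresql 9.6.9"`). The description names `pg_rorate_logfile`, which looks like a misspelling of the function name and should be checked against the upstream advisory. Only the ASSIGNER address and the reference order change in substance here, so these values predate the commit, but a synchronisation pass is the natural place to normalise them.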
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-04-25T00:00:00", - "ID" : "CVE-2018-1183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dell EMC Unisphere for VMAX Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, Dell EMC VASA Provider Virtual Appliance, Dell EMC SMIS, Dell EMC VMAX Embedded Management (eManagement), Dell EMC VNX2 Operating Environment (OE) for File, Dell EMC VNX2 Operating Environment (OE) for Block, Dell EMC VNX1 Operating Environment (OE) for File, Dell EMC VNX1 Operating Environment (OE) for Block, Dell EMC VNXe3200 Operating Environment (OE), Dell EMC VNXe1600 Operating Environment (OE), Dell EMC VNXe 3100/3150/3300 Operating Environment (OE), Dell EMC ViPR SRM, Dell EMC ViPR SRM, Dell EMC XtremIO, Dell EMC VMAX eNAS, Dell EMC Unity Operating Environment (OE)", - "version" : { - "version_data" : [ - { - "version_value" : "Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for 
Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. 
XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XXE injection vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-04-25T00:00:00", + "ID": "CVE-2018-1183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dell EMC Unisphere for VMAX Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, Dell EMC VASA Provider Virtual Appliance, Dell EMC SMIS, Dell EMC VMAX Embedded Management (eManagement), Dell EMC VNX2 Operating Environment (OE) for File, Dell EMC VNX2 Operating Environment (OE) for Block, Dell EMC VNX1 Operating Environment (OE) for File, Dell EMC VNX1 Operating Environment (OE) for Block, Dell EMC VNXe3200 Operating Environment (OE), Dell EMC VNXe1600 Operating Environment (OE), Dell EMC VNXe 3100/3150/3300 Operating Environment (OE), Dell EMC ViPR SRM, Dell EMC ViPR SRM, Dell EMC XtremIO, Dell EMC VMAX eNAS, Dell EMC Unity Operating Environment (OE)", + "version": { + "version_data": [ + { + "version_value": "Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating 
Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180425 DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Apr/61" - }, - { - "name" : "104024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC 
ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XXE injection vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180425 DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Apr/61" + }, + { + "name": "104024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104024" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1765.json b/2018/1xxx/CVE-2018-1765.json index 17c1a0eb99b..7493a1b0c4b 100644 --- a/2018/1xxx/CVE-2018-1765.json +++ b/2018/1xxx/CVE-2018-1765.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1765", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1765", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1812.json b/2018/1xxx/CVE-2018-1812.json index 85db4925a96..2437068773d 100644 --- a/2018/1xxx/CVE-2018-1812.json +++ b/2018/1xxx/CVE-2018-1812.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-02T00:00:00", - "ID" : "CVE-2018-1812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Robotic Process Automation with Automation Anywhere", - "version" : { - "version_data" : [ - { - "version_value" : "10" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victim's web browser within the security context of the hosting Web site, once victim opens a certain page in Control Room. IBM X-Force ID: 149883." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-02T00:00:00", + "ID": "CVE-2018-1812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Robotic Process Automation with Automation Anywhere", + "version": { + "version_data": [ + { + "version_value": "10" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731925", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731925" - }, - { - "name" : "ibm-robotic-cve20181812-xss(149883)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victim's web browser within the security context of the hosting Web site, once victim opens a certain page in Control Room. IBM X-Force ID: 149883." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10731925", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10731925" + }, + { + "name": "ibm-robotic-cve20181812-xss(149883)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149883" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1831.json b/2018/1xxx/CVE-2018-1831.json index d3838db9937..f76e4390946 100644 --- a/2018/1xxx/CVE-2018-1831.json +++ b/2018/1xxx/CVE-2018-1831.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1831", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1831", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file