diff --git a/2004/0xxx/CVE-2004-0232.json b/2004/0xxx/CVE-2004-0232.json index 906c93bb6ed..90dd1e8775f 100644 --- a/2004/0xxx/CVE-2004-0232.json +++ b/2004/0xxx/CVE-2004-0232.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-497", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-497" - }, - { - "name" : "MDKSA-2004:039", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:039" - }, - { - "name" : "SuSE-SA:2004:012", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_12_mc.html" - }, - { - "name" : "RHSA-2004:172", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-172.html" - }, - { - "name" : "GLSA-200405-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200405-21.xml" - }, - { - "name" : "midnight-commander-format-string(16021)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SuSE-SA:2004:012", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_12_mc.html" + }, + { + "name": "GLSA-200405-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200405-21.xml" + }, + { + "name": "midnight-commander-format-string(16021)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16021" + }, + { + "name": "MDKSA-2004:039", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:039" + }, + { + "name": "DSA-497", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-497" + }, + { + "name": "RHSA-2004:172", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-172.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0301.json b/2004/0xxx/CVE-2004-0301.json index 7451b97fa39..97848525415 100644 --- a/2004/0xxx/CVE-2004-0301.json +++ b/2004/0xxx/CVE-2004-0301.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.systemsecure.org/advisories/ssadvisory16022004.php", - "refsource" : "MISC", - "url" : "http://www.systemsecure.org/advisories/ssadvisory16022004.php" - }, - { - "name" : "9676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9676" - }, - { - "name" : "1009079", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2004/Feb/1009079.html" - }, - { - "name" : "10902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10902/" - }, - { - "name" : "onlinestorekit-more-xss(15235)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9676" + }, + { + "name": "10902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10902/" + }, + { + "name": "http://www.systemsecure.org/advisories/ssadvisory16022004.php", + "refsource": "MISC", + "url": "http://www.systemsecure.org/advisories/ssadvisory16022004.php" + }, + { + "name": "onlinestorekit-more-xss(15235)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15235" + }, + { + "name": "1009079", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2004/Feb/1009079.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1499.json b/2004/1xxx/CVE-2004-1499.json index ebdd016583b..3c8fa704dfe 100644 --- a/2004/1xxx/CVE-2004-1499.json +++ b/2004/1xxx/CVE-2004-1499.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041102 [Hat-Squad] SQL injection and XSS Vulnerabilities in HELM", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109943858026542&w=2" - }, - { - "name" : "http://www.hat-squad.com/en/000077.html", - "refsource" : "MISC", - "url" : "http://www.hat-squad.com/en/000077.html" - }, - { - "name" : "11586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11586" - }, - { - "name" : "13079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13079" - }, - { - "name" : "helm-subject-xss(17943)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13079" + }, + { + "name": "20041102 [Hat-Squad] SQL injection and XSS Vulnerabilities in HELM", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109943858026542&w=2" + }, + { + "name": "http://www.hat-squad.com/en/000077.html", + "refsource": "MISC", + "url": "http://www.hat-squad.com/en/000077.html" + }, + { + "name": "11586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11586" + }, + { + "name": "helm-subject-xss(17943)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17943" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1689.json b/2004/1xxx/CVE-2004-1689.json index db5d118b4c2..68860512a22 100644 --- a/2004/1xxx/CVE-2004-1689.json +++ b/2004/1xxx/CVE-2004-1689.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040916 [sudo-announce] Sudo version 1.6.8p1 now available (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109537972929201&w=2" - }, - { - "name" : "http://packetstormsecurity.nl/0409-exploits/sudoedit.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.nl/0409-exploits/sudoedit.txt" - }, - { - "name" : "http://www.sudo.ws/sudo/alerts/sudoedit.html", - "refsource" : "CONFIRM", - "url" : "http://www.sudo.ws/sudo/alerts/sudoedit.html" - }, - { - "name" : "VU#424358", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/424358" - }, - { - "name" : "O-219", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-219.shtml" - }, - { - "name" : "11204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11204" - }, - { - "name" : "10023", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10023" - }, - { - "name" : "12596", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12596" - }, - { - "name" : "sudo-sudoedit-view-files(17424)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12596", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12596" + }, + { + "name": "20040916 [sudo-announce] Sudo version 1.6.8p1 now available (fwd)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109537972929201&w=2" + }, + { + "name": "VU#424358", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/424358" + }, + { + "name": "10023", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10023" + }, + { + "name": "11204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11204" + }, + { + "name": "O-219", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-219.shtml" + }, + { + "name": "sudo-sudoedit-view-files(17424)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17424" + }, + { + "name": "http://www.sudo.ws/sudo/alerts/sudoedit.html", + "refsource": "CONFIRM", + "url": "http://www.sudo.ws/sudo/alerts/sudoedit.html" + }, + { + "name": "http://packetstormsecurity.nl/0409-exploits/sudoedit.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.nl/0409-exploits/sudoedit.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1746.json b/2004/1xxx/CVE-2004-1746.json index ba44368025d..fb059c4428b 100644 --- a/2004/1xxx/CVE-2004-1746.json +++ b/2004/1xxx/CVE-2004-1746.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040824 PHP Code Snippet Library Multiple Cross-Site Scripting (XSS)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109340580218818&w=2" - }, - { - "name" : "http://nikyt0x.webcindario.com/0001.txt", - "refsource" : "MISC", - "url" : "http://nikyt0x.webcindario.com/0001.txt" - }, - { - "name" : "11038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11038" - }, - { - "name" : "12370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12370" - }, - { - "name" : "snippet-index-xss(17108)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11038" + }, + { + "name": "http://nikyt0x.webcindario.com/0001.txt", + "refsource": "MISC", + "url": "http://nikyt0x.webcindario.com/0001.txt" + }, + { + "name": "12370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12370" + }, + { + "name": "snippet-index-xss(17108)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17108" + }, + { + "name": "20040824 PHP Code Snippet Library Multiple Cross-Site Scripting (XSS)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109340580218818&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1824.json b/2004/1xxx/CVE-2004-1824.json index 14b177bb90f..7f07e2ec8ab 100644 --- a/2004/1xxx/CVE-2004-1824.json +++ b/2004/1xxx/CVE-2004-1824.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040316 JelSoft vBulletin Multiple XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107945556112453&w=2" - }, - { - "name" : "20021121 XSS bug in vBulletin", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0276.html" - }, - { - "name" : "9887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9887" - }, - { - "name" : "6226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6226" - }, - { - "name" : "4312", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4312" - }, - { - "name" : "1009440", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009440" - }, - { - "name" : "11142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11142" - }, - { - "name" : "vbulletin-showthread-xss(15495)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" - }, - { - "name" : "vbulletin-memberlist-xss(10679)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10679.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vbulletin-showthread-xss(15495)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" + }, + { + "name": "6226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6226" + }, + { + "name": "1009440", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009440" + }, + { + "name": "9887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9887" + }, + { + "name": "20040316 JelSoft vBulletin Multiple XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107945556112453&w=2" + }, + { + "name": "vbulletin-memberlist-xss(10679)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10679.php" + }, + { + "name": "4312", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4312" + }, + { + "name": "20021121 XSS bug in vBulletin", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0276.html" + }, + { + "name": "11142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11142" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0811.json b/2008/0xxx/CVE-2008-0811.json index 9caca10d2b0..f9f65b7b5d9 100644 --- a/2008/0xxx/CVE-2008-0811.json +++ b/2008/0xxx/CVE-2008-0811.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5130", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5130" - }, - { - "name" : "27841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27841" - }, - { - "name" : "1019430", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5130", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5130" + }, + { + "name": "27841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27841" + }, + { + "name": "1019430", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019430" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3237.json b/2008/3xxx/CVE-2008-3237.json index 93cf6670fbd..e4e178aefc3 100644 --- a/2008/3xxx/CVE-2008-3237.json +++ b/2008/3xxx/CVE-2008-3237.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6069", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6069" - }, - { - "name" : "30215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30215" - }, - { - "name" : "ADV-2008-2107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2107/references" - }, - { - "name" : "31084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31084" - }, - { - "name" : "4015", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4015" - }, - { - "name" : "itechbids-forwardtofriend-xss(43758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "itechbids-forwardtofriend-xss(43758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43758" + }, + { + "name": "4015", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4015" + }, + { + "name": "31084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31084" + }, + { + "name": "30215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30215" + }, + { + "name": "ADV-2008-2107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2107/references" + }, + { + "name": "6069", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6069" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3285.json b/2008/3xxx/CVE-2008-3285.json index c4416578424..6b0ee01523d 100644 --- a/2008/3xxx/CVE-2008-3285.json +++ b/2008/3xxx/CVE-2008-3285.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080718 [ISecAuditors Security Advisories] SmbClientParser Perl module allows remote command execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494536/100/0/threaded" - }, - { - "name" : "30290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30290" - }, - { - "name" : "31175", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31175" - }, - { - "name" : "4027", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4027" - }, - { - "name" : "filesyssmb-directory-command-execution(43910)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31175", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31175" + }, + { + "name": "4027", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4027" + }, + { + "name": "filesyssmb-directory-command-execution(43910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43910" + }, + { + "name": "30290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30290" + }, + { + "name": "20080718 [ISecAuditors Security Advisories] SmbClientParser Perl module allows remote command execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494536/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4704.json b/2008/4xxx/CVE-2008-4704.json index 8e474e76c92..87a704fe0d7 100644 --- a/2008/4xxx/CVE-2008-4704.json +++ b/2008/4xxx/CVE-2008-4704.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6751", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6751" - }, - { - "name" : "31756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31756" - }, - { - "name" : "4473", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4473" - }, - { - "name" : "sezhoo-sezhootabsandactions-file-include(45859)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45859" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31756" + }, + { + "name": "sezhoo-sezhootabsandactions-file-include(45859)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45859" + }, + { + "name": "6751", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6751" + }, + { + "name": "4473", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4473" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4898.json b/2008/4xxx/CVE-2008-4898.json index 9874627be16..7e9a88b80dc 100644 --- a/2008/4xxx/CVE-2008-4898.json +++ b/2008/4xxx/CVE-2008-4898.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/85/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/85/45/" - }, - { - "name" : "32069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32069" - }, - { - "name" : "32511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32511" - }, - { - "name" : "rateme-rate-xss(46202)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32511", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32511" + }, + { + "name": "32069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32069" + }, + { + "name": "rateme-rate-xss(46202)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46202" + }, + { + "name": "http://holisticinfosec.org/content/view/85/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/85/45/" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4946.json b/2008/4xxx/CVE-2008-4946.json index ad20c854e07..c1b349a7bc5 100644 --- a/2008/4xxx/CVE-2008-4946.json +++ b/2008/4xxx/CVE-2008-4946.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://bugs.debian.org/496419", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/496419" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/convirt", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/convirt" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/convirt", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/convirt" + }, + { + "name": "http://bugs.debian.org/496419", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/496419" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6242.json b/2008/6xxx/CVE-2008-6242.json index 825196759af..e194fb6ecd6 100644 --- a/2008/6xxx/CVE-2008-6242.json +++ b/2008/6xxx/CVE-2008-6242.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6922", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6922" - }, - { - "name" : "32039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32039" - }, - { - "name" : "32525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32525" - }, - { - "name" : "ezestore-searchresults-sql-injection(46273)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32039" + }, + { + "name": "32525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32525" + }, + { + "name": "ezestore-searchresults-sql-injection(46273)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46273" + }, + { + "name": "6922", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6922" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6835.json b/2008/6xxx/CVE-2008-6835.json index 23bc8fbcff8..3d0f95f5312 100644 --- a/2008/6xxx/CVE-2008-6835.json +++ b/2008/6xxx/CVE-2008-6835.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/280592", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/280592" - }, - { - "name" : "http://drupal.org/node/280593", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/280593" - }, - { - "name" : "30165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30165" - }, - { - "name" : "46938", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46938" - }, - { - "name" : "31027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30165" + }, + { + "name": "46938", + "refsource": "OSVDB", + "url": "http://osvdb.org/46938" + }, + { + "name": "http://drupal.org/node/280592", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/280592" + }, + { + "name": "http://drupal.org/node/280593", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/280593" + }, + { + "name": "31027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31027" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6929.json b/2008/6xxx/CVE-2008-6929.json index edc6e27f84a..0c3392756d4 100644 --- a/2008/6xxx/CVE-2008-6929.json +++ b/2008/6xxx/CVE-2008-6929.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7082", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7082" - }, - { - "name" : "50292", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50292" - }, - { - "name" : "32626", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32626" - }, - { - "name" : "ADV-2008-3098", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3098" - }, - { - "name" : "auto-carimages-file-upload(52445)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50292", + "refsource": "OSVDB", + "url": "http://osvdb.org/50292" + }, + { + "name": "32626", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32626" + }, + { + "name": "7082", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7082" + }, + { + "name": "ADV-2008-3098", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3098" + }, + { + "name": "auto-carimages-file-upload(52445)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52445" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7214.json b/2008/7xxx/CVE-2008-7214.json index fa05fba1527..7ebee2886e0 100644 --- a/2008/7xxx/CVE-2008-7214.json +++ b/2008/7xxx/CVE-2008-7214.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487128/100/200/threaded" - }, - { - "name" : "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html" - }, - { - "name" : "http://www.bugreport.ir/index_33.htm", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/index_33.htm" - }, - { - "name" : "http://forum.mambo-foundation.org/showthread.php?t=10158", - "refsource" : "CONFIRM", - "url" : "http://forum.mambo-foundation.org/showthread.php?t=10158" - }, - { - "name" : "42531", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42531" - }, - { - "name" : "28670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28670" - }, - { - "name" : "ADV-2008-0325", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0325" - }, - { - "name" : "mambo-connector-csrf(39985)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0325", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0325" + }, + { + "name": "mambo-connector-csrf(39985)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985" + }, + { + "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html" + }, + { + "name": "42531", + "refsource": "OSVDB", + "url": "http://osvdb.org/42531" + }, + { + "name": "28670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28670" + }, + { + "name": "http://forum.mambo-foundation.org/showthread.php?t=10158", + "refsource": "CONFIRM", + "url": "http://forum.mambo-foundation.org/showthread.php?t=10158" + }, + { + "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded" + }, + { + "name": "http://www.bugreport.ir/index_33.htm", + "refsource": "MISC", + "url": "http://www.bugreport.ir/index_33.htm" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2219.json b/2013/2xxx/CVE-2013-2219.json index 4249e778b9a..a1f2da9ccd6 100644 --- a/2013/2xxx/CVE-2013-2219.json +++ b/2013/2xxx/CVE-2013-2219.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=979508", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=979508" - }, - { - "name" : "RHSA-2013:1116", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1116.html" - }, - { - "name" : "RHSA-2013:1119", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1119.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1119", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1119.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=979508", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=979508" + }, + { + "name": "RHSA-2013:1116", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1116.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2358.json b/2013/2xxx/CVE-2013-2358.json index c28a7d1a2b5..597397f452a 100644 --- a/2013/2xxx/CVE-2013-2358.json +++ b/2013/2xxx/CVE-2013-2358.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02900", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - }, - { - "name" : "SSRT100907", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100907", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + }, + { + "name": "HPSBMU02900", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2768.json b/2013/2xxx/CVE-2013-2768.json index eaaa921e02c..c3ef5a04ed5 100644 --- a/2013/2xxx/CVE-2013-2768.json +++ b/2013/2xxx/CVE-2013-2768.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2768", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2768", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6116.json b/2013/6xxx/CVE-2013-6116.json index cb2b63cf150..11e92726f2c 100644 --- a/2013/6xxx/CVE-2013-6116.json +++ b/2013/6xxx/CVE-2013-6116.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6116", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6116", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6476.json b/2013/6xxx/CVE-2013-6476.json index 494dc475a36..ea0ab50dae1 100644 --- a/2013/6xxx/CVE-2013-6476.json +++ b/2013/6xxx/CVE-2013-6476.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176", - "refsource" : "CONFIRM", - "url" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1027551", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1027551" - }, - { - "name" : "DSA-2875", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2875" - }, - { - "name" : "DSA-2876", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2876" - }, - { - "name" : "USN-2143-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2143-1" - }, - { - "name" : "USN-2144-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2144-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2144-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2144-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1027551", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027551" + }, + { + "name": "DSA-2876", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2876" + }, + { + "name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176", + "refsource": "CONFIRM", + "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176" + }, + { + "name": "USN-2143-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2143-1" + }, + { + "name": "DSA-2875", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2875" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6789.json b/2013/6xxx/CVE-2013-6789.json index cb46d059b26..5094e4af954 100644 --- a/2013/6xxx/CVE-2013-6789.json +++ b/2013/6xxx/CVE-2013-6789.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2013/Aug/12" - }, - { - "name" : "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170", - "refsource" : "CONFIRM", - "url" : "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170", + "refsource": "CONFIRM", + "url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170" + }, + { + "name": "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2013/Aug/12" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6797.json b/2013/6xxx/CVE-2013-6797.json index 5ad9e83dc4e..0b36f223d09 100644 --- a/2013/6xxx/CVE-2013-6797.json +++ b/2013/6xxx/CVE-2013-6797.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/", - "refsource" : "MISC", - "url" : "http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/" - }, - { - "name" : "http://wordpress.org/plugins/blue-wrench-videos-widget/changelog", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/blue-wrench-videos-widget/changelog" - }, - { - "name" : "98922", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98922" - }, - { - "name" : "98923", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/plugins/blue-wrench-videos-widget/changelog", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/blue-wrench-videos-widget/changelog" + }, + { + "name": "98923", + "refsource": "OSVDB", + "url": "http://osvdb.org/98923" + }, + { + "name": "98922", + "refsource": "OSVDB", + "url": "http://osvdb.org/98922" + }, + { + "name": "http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/", + "refsource": "MISC", + "url": "http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10876.json b/2017/10xxx/CVE-2017-10876.json index 280df0e5adc..51d70e3bd5b 100644 --- a/2017/10xxx/CVE-2017-10876.json +++ b/2017/10xxx/CVE-2017-10876.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10876", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10876", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11337.json b/2017/11xxx/CVE-2017-11337.json index b363e15de03..9525729e5f0 100644 --- a/2017/11xxx/CVE-2017-11337.json +++ b/2017/11xxx/CVE-2017-11337.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1470737", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1470737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1470737", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470737" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11642.json b/2017/11xxx/CVE-2017-11642.json index d0db6af95fb..c15b71e8019 100644 --- a/2017/11xxx/CVE-2017-11642.json +++ b/2017/11xxx/CVE-2017-11642.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "100395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100395" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14117.json b/2017/14xxx/CVE-2017-14117.json index 1436951a435..5a73dba2731 100644 --- a/2017/14xxx/CVE-2017-14117.json +++ b/2017/14xxx/CVE-2017-14117.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \\x2a\\xce\\x01 followed by other predictable values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/", - "refsource" : "MISC", - "url" : "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/" - }, - { - "name" : "https://www.nomotion.net/blog/sharknatto/", - "refsource" : "MISC", - "url" : "https://www.nomotion.net/blog/sharknatto/" - }, - { - "name" : "100585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \\x2a\\xce\\x01 followed by other predictable values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/", + "refsource": "MISC", + "url": "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/" + }, + { + "name": "100585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100585" + }, + { + "name": "https://www.nomotion.net/blog/sharknatto/", + "refsource": "MISC", + "url": "https://www.nomotion.net/blog/sharknatto/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14833.json b/2017/14xxx/CVE-2017-14833.json index 6acc5e6d62d..7932b0d8c79 100644 --- a/2017/14xxx/CVE-2017-14833.json +++ b/2017/14xxx/CVE-2017-14833.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-14833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-14833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-877", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-877" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-877", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-877" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14860.json b/2017/14xxx/CVE-2017-14860.json index e8db263980d..b8f173fcaf7 100644 --- a/2017/14xxx/CVE-2017-14860.json +++ b/2017/14xxx/CVE-2017-14860.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494776", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1494776", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494776" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15112.json b/2017/15xxx/CVE-2017-15112.json index 1f4ed8fe367..ffdcc72fb03 100644 --- a/2017/15xxx/CVE-2017-15112.json +++ b/2017/15xxx/CVE-2017-15112.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2018-01-05T00:00:00", - "ID" : "CVE-2017-15112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "keycloak-httpd-client-install", - "version" : { - "version_data" : [ - { - "version_value" : "before 0.8" - } - ] - } - } - ] - }, - "vendor_name" : "jdennis" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2018-01-05T00:00:00", + "ID": "CVE-2017-15112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "keycloak-httpd-client-install", + "version": { + "version_data": [ + { + "version_value": "before 0.8" + } + ] + } + } + ] + }, + "vendor_name": "jdennis" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75", - "refsource" : "CONFIRM", - "url" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75", + "refsource": "CONFIRM", + "url": "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15119.json b/2017/15xxx/CVE-2017-15119.json index 5c18ea0d4c5..9f8d32796f0 100644 --- a/2017/15xxx/CVE-2017-15119.json +++ b/2017/15xxx/CVE-2017-15119.json @@ -1,113 +1,113 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-15119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "qemu", - "version" : { - "version_data" : [ - { - "version_value" : "2.11" - } - ] - } - } - ] - }, - "vendor_name" : "QEMU" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-15119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "qemu", + "version": { + "version_data": [ + { + "version_value": "2.11" + } + ] + } + } + ] + }, + "vendor_name": "QEMU" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2017/11/28/9", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2017/11/28/9" - }, - { - "name" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html", - "refsource" : "MISC", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119" - }, - { - "name" : "DSA-4213", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4213" - }, - { - "name" : "RHSA-2018:1104", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1104" - }, - { - "name" : "RHSA-2018:1113", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1113" - }, - { - "name" : "USN-3575-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3575-1/" - }, - { - "name" : "102011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", + "version": "3.0" + } + ], + [ + { + "vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html", + "refsource": "MISC", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2017/11/28/9", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2017/11/28/9" + }, + { + "name": "102011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102011" + }, + { + "name": "DSA-4213", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4213" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119" + }, + { + "name": "RHSA-2018:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1104" + }, + { + "name": "RHSA-2018:1113", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1113" + }, + { + "name": "USN-3575-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3575-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15384.json b/2017/15xxx/CVE-2017-15384.json index cea38224a7b..cd68ebbdabc 100644 --- a/2017/15xxx/CVE-2017-15384.json +++ b/2017/15xxx/CVE-2017-15384.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cxsecurity.com/issue/WLB-2016110122", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2016110122" - }, - { - "name" : "https://packetstormsecurity.com/files/139696/ratemephp-xss.txt", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/139696/ratemephp-xss.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cxsecurity.com/issue/WLB-2016110122", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2016110122" + }, + { + "name": "https://packetstormsecurity.com/files/139696/ratemephp-xss.txt", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/139696/ratemephp-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15825.json b/2017/15xxx/CVE-2017-15825.json index 111e60f4ced..9ae72f7ce45 100644 --- a/2017/15xxx/CVE-2017-15825.json +++ b/2017/15xxx/CVE-2017-15825.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-15825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds Access When Accessing Partition Entries in Update gpt" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-15825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=252e22c9adb9b59c36e59e00d8b43013facec4d6", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=252e22c9adb9b59c36e59e00d8b43013facec4d6" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds Access When Accessing Partition Entries in Update gpt" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=252e22c9adb9b59c36e59e00d8b43013facec4d6", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=252e22c9adb9b59c36e59e00d8b43013facec4d6" + }, + { + "name": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15834.json b/2017/15xxx/CVE-2017-15834.json index e77b7769d22..768bce4326e 100644 --- a/2017/15xxx/CVE-2017-15834.json +++ b/2017/15xxx/CVE-2017-15834.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-15834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-15834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9136.json b/2017/9xxx/CVE-2017-9136.json index d2746796b51..11f4e6b320b 100644 --- a/2017/9xxx/CVE-2017-9136.json +++ b/2017/9xxx/CVE-2017-9136.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.iancaling.com/post/160596244178", - "refsource" : "MISC", - "url" : "http://blog.iancaling.com/post/160596244178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.iancaling.com/post/160596244178", + "refsource": "MISC", + "url": "http://blog.iancaling.com/post/160596244178" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9763.json b/2017/9xxx/CVE-2017-9763.json index 446cd8e89e3..d1b2978b5db 100644 --- a/2017/9xxx/CVE-2017-9763.json +++ b/2017/9xxx/CVE-2017-9763.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dac50daaf1c390d701cca3b55e16ee768", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dac50daaf1c390d701cca3b55e16ee768" - }, - { - "name" : "https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd" - }, - { - "name" : "https://github.com/radare/radare2/issues/7723", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/issues/7723" - }, - { - "name" : "99141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/issues/7723", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/issues/7723" + }, + { + "name": "http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dac50daaf1c390d701cca3b55e16ee768", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dac50daaf1c390d701cca3b55e16ee768" + }, + { + "name": "https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd" + }, + { + "name": "99141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99141" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9876.json b/2017/9xxx/CVE-2017-9876.json index 28091e6f9a9..8d6088f102e 100644 --- a/2017/9xxx/CVE-2017-9876.json +++ b/2017/9xxx/CVE-2017-9876.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c995.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9876", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9876" - }, - { - "name" : "http://www.irfanview.com/plugins.htm", - "refsource" : "CONFIRM", - "url" : "http://www.irfanview.com/plugins.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c995.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.irfanview.com/plugins.htm", + "refsource": "CONFIRM", + "url": "http://www.irfanview.com/plugins.htm" + }, + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9876", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9876" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0192.json b/2018/0xxx/CVE-2018-0192.json index f9d33e95766..16e175e87b3 100644 --- a/2018/0xxx/CVE-2018-0192.json +++ b/2018/0xxx/CVE-2018-0192.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0192", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0192", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0199.json b/2018/0xxx/CVE-2018-0199.json index 7a818d6b77d..93b4e359ea1 100644 --- a/2018/0xxx/CVE-2018-0199.json +++ b/2018/0xxx/CVE-2018-0199.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Jabber Client Framework", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Jabber Client Framework" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Jabber Client Framework", + "version": { + "version_data": [ + { + "version_value": "Cisco Jabber Client Framework" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf" - }, - { - "name" : "103143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103143" - }, - { - "name" : "1040407", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf" + }, + { + "name": "1040407", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040407" + }, + { + "name": "103143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103143" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0740.json b/2018/0xxx/CVE-2018-0740.json index ad5f1c283d6..cb73bb0393f 100644 --- a/2018/0xxx/CVE-2018-0740.json +++ b/2018/0xxx/CVE-2018-0740.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0740", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-0740", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0837.json b/2018/0xxx/CVE-2018-0837.json index 249c04c1cfe..571433c94a2 100644 --- a/2018/0xxx/CVE-2018-0837.json +++ b/2018/0xxx/CVE-2018-0837.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-02-13T00:00:00", - "ID" : "CVE-2018-0837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge, ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Critical" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-02-13T00:00:00", + "ID": "CVE-2018-0837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge, ChakraCore", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44081", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44081/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0837", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0837" - }, - { - "name" : "102876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102876" - }, - { - "name" : "1040372", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Critical" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44081", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44081/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0837", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0837" + }, + { + "name": "102876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102876" + }, + { + "name": "1040372", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040372" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000139.json b/2018/1000xxx/CVE-2018-1000139.json index 31153eda4b3..f6bbece8587 100644 --- a/2018/1000xxx/CVE-2018-1000139.json +++ b/2018/1000xxx/CVE-2018-1000139.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "3/15/2018 22:35:10", - "ID" : "CVE-2018-1000139", - "REQUESTER" : "3022235906@qq.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "I, Librarian ", - "version" : { - "version_data" : [ - { - "version_value" : "4.8 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "I, Librarian " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in \"id\" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "3/15/2018 22:35:10", + "ID": "CVE-2018-1000139", + "REQUESTER": "3022235906@qq.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8", - "refsource" : "MISC", - "url" : "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8" - }, - { - "name" : "https://github.com/mkucej/i-librarian/issues/119", - "refsource" : "MISC", - "url" : "https://github.com/mkucej/i-librarian/issues/119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in \"id\" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8", + "refsource": "MISC", + "url": "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8" + }, + { + "name": "https://github.com/mkucej/i-librarian/issues/119", + "refsource": "MISC", + "url": "https://github.com/mkucej/i-librarian/issues/119" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000631.json b/2018/1000xxx/CVE-2018-1000631.json index a6e3734ba6d..1a701f185b0 100644 --- a/2018/1000xxx/CVE-2018-1000631.json +++ b/2018/1000xxx/CVE-2018-1000631.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-31T16:52:42.845027", - "DATE_REQUESTED" : "2018-07-27T00:00:00", - "ID" : "CVE-2018-1000631", - "REQUESTER" : "stmoore@us.ibm.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "V2I Hub", - "version" : { - "version_data" : [ - { - "version_value" : "3" - } - ] - } - } - ] - }, - "vendor_name" : "Battelle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-31T16:52:42.845027", + "DATE_REQUESTED": "2018-07-27T00:00:00", + "ID": "CVE-2018-1000631", + "REQUESTER": "stmoore@us.ibm.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147308", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147308", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147308" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000848.json b/2018/1000xxx/CVE-2018-1000848.json index 362c680c91d..48e4fd4b412 100644 --- a/2018/1000xxx/CVE-2018-1000848.json +++ b/2018/1000xxx/CVE-2018-1000848.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.486534", - "DATE_REQUESTED" : "2018-11-18T12:33:39", - "ID" : "CVE-2018-1000848", - "REQUESTER" : "wampserver@otomatic.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Wampserver", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 3.1.5" - } - ] - } - } - ] - }, - "vendor_name" : "Wampserver" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.486534", + "DATE_REQUESTED": "2018-11-18T12:33:39", + "ID": "CVE-2018-1000848", + "REQUESTER": "wampserver@otomatic.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.wampserver.com/read.php?2,153491", - "refsource" : "MISC", - "url" : "http://forum.wampserver.com/read.php?2,153491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.wampserver.com/read.php?2,153491", + "refsource": "MISC", + "url": "http://forum.wampserver.com/read.php?2,153491" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12192.json b/2018/12xxx/CVE-2018-12192.json index d253b4cbcf5..7a02be379a6 100644 --- a/2018/12xxx/CVE-2018-12192.json +++ b/2018/12xxx/CVE-2018-12192.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-03-12T00:00:00", - "ID" : "CVE-2018-12192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology", - "version" : { - "version_data" : [ - { - "version_value" : "Multiple versions." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-03-12T00:00:00", + "ID": "CVE-2018-12192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology", + "version": { + "version_data": [ + { + "version_value": "Multiple versions." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12674.json b/2018/12xxx/CVE-2018-12674.json index 1b0b2e1e357..3192391bc44 100644 --- a/2018/12xxx/CVE-2018-12674.json +++ b/2018/12xxx/CVE-2018-12674.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12803.json b/2018/12xxx/CVE-2018-12803.json index 269042096d5..7a4045231d0 100644 --- a/2018/12xxx/CVE-2018-12803.json +++ b/2018/12xxx/CVE-2018-12803.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16027.json b/2018/16xxx/CVE-2018-16027.json index 8acfa595479..cce41488522 100644 --- a/2018/16xxx/CVE-2018-16027.json +++ b/2018/16xxx/CVE-2018-16027.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106164" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16183.json b/2018/16xxx/CVE-2018-16183.json index 7258797ecfc..9ccf63984dd 100644 --- a/2018/16xxx/CVE-2018-16183.json +++ b/2018/16xxx/CVE-2018-16183.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Some pre-installed applications on Panasonic PC", - "version" : { - "version_data" : [ - { - "version_value" : "run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009" - } - ] - } - } - ] - }, - "vendor_name" : "Panasonic Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unquoted Search Path or Element" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Some pre-installed applications on Panasonic PC", + "version": { + "version_data": [ + { + "version_value": "run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009" + } + ] + } + } + ] + }, + "vendor_name": "Panasonic Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pc-dl.panasonic.co.jp/dl/docs/077770", - "refsource" : "MISC", - "url" : "https://pc-dl.panasonic.co.jp/dl/docs/077770" - }, - { - "name" : "JVN#36895151", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN36895151/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unquoted Search Path or Element" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#36895151", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN36895151/index.html" + }, + { + "name": "https://pc-dl.panasonic.co.jp/dl/docs/077770", + "refsource": "MISC", + "url": "https://pc-dl.panasonic.co.jp/dl/docs/077770" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16954.json b/2018/16xxx/CVE-2018-16954.json index 3725e253b03..192b286bdb4 100644 --- a/2018/16xxx/CVE-2018-16954.json +++ b/2018/16xxx/CVE-2018-16954.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://seclists.org/fulldisclosure/2018/Sep/22", - "refsource" : "MISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/22" - }, - { - "name" : "105350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://seclists.org/fulldisclosure/2018/Sep/22", + "refsource": "MISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/22" + }, + { + "name": "105350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105350" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16970.json b/2018/16xxx/CVE-2018-16970.json index 2f791788298..d31df11e862 100644 --- a/2018/16xxx/CVE-2018-16970.json +++ b/2018/16xxx/CVE-2018-16970.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/", - "refsource" : "MISC", - "url" : "https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/", + "refsource": "MISC", + "url": "https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4232.json b/2018/4xxx/CVE-2018-4232.json index 5a4fdfcd830..15f310e6ce7 100644 --- a/2018/4xxx/CVE-2018-4232.json +++ b/2018/4xxx/CVE-2018-4232.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to overwrite cookies via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208848", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208848" - }, - { - "name" : "https://support.apple.com/HT208850", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208850" - }, - { - "name" : "https://support.apple.com/HT208852", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208852" - }, - { - "name" : "https://support.apple.com/HT208853", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208853" - }, - { - "name" : "https://support.apple.com/HT208854", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208854" - }, - { - "name" : "GLSA-201808-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-04" - }, - { - "name" : "USN-3687-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3687-1/" - }, - { - "name" : "1041029", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to overwrite cookies via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208850", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208850" + }, + { + "name": "https://support.apple.com/HT208853", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208853" + }, + { + "name": "GLSA-201808-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-04" + }, + { + "name": "https://support.apple.com/HT208854", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208854" + }, + { + "name": "1041029", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041029" + }, + { + "name": "USN-3687-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3687-1/" + }, + { + "name": "https://support.apple.com/HT208848", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208848" + }, + { + "name": "https://support.apple.com/HT208852", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208852" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4270.json b/2018/4xxx/CVE-2018-4270.json index fcb9711813f..8eed868698a 100644 --- a/2018/4xxx/CVE-2018-4270.json +++ b/2018/4xxx/CVE-2018-4270.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4270", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4270", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4359.json b/2018/4xxx/CVE-2018-4359.json index 0e61c58823c..60befd33336 100644 --- a/2018/4xxx/CVE-2018-4359.json +++ b/2018/4xxx/CVE-2018-4359.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4359", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4359", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4423.json b/2018/4xxx/CVE-2018-4423.json index e5916fdd332..6d4cc2412a1 100644 --- a/2018/4xxx/CVE-2018-4423.json +++ b/2018/4xxx/CVE-2018-4423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4423", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4423", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4688.json b/2018/4xxx/CVE-2018-4688.json index 7f1202a0a48..0b8748bc19e 100644 --- a/2018/4xxx/CVE-2018-4688.json +++ b/2018/4xxx/CVE-2018-4688.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4688", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4688", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4760.json b/2018/4xxx/CVE-2018-4760.json index acef11e44ff..f6928471edf 100644 --- a/2018/4xxx/CVE-2018-4760.json +++ b/2018/4xxx/CVE-2018-4760.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4760", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4760", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9854.json b/2019/9xxx/CVE-2019-9854.json new file mode 100644 index 00000000000..aea93d5105d --- /dev/null +++ b/2019/9xxx/CVE-2019-9854.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9854", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file