From d55cc3b8b1eb3b33349fd375451b23c6fadfcbfc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:48:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0203.json | 150 ++++++------ 2004/0xxx/CVE-2004-0388.json | 250 +++++++++---------- 2004/1xxx/CVE-2004-1038.json | 320 ++++++++++++------------- 2004/1xxx/CVE-2004-1451.json | 140 +++++------ 2004/1xxx/CVE-2004-1462.json | 160 ++++++------- 2004/1xxx/CVE-2004-1523.json | 150 ++++++------ 2008/2xxx/CVE-2008-2658.json | 34 +-- 2008/3xxx/CVE-2008-3107.json | 370 ++++++++++++++--------------- 2008/3xxx/CVE-2008-3878.json | 180 +++++++------- 2008/3xxx/CVE-2008-3918.json | 130 +++++----- 2008/4xxx/CVE-2008-4170.json | 150 ++++++------ 2008/4xxx/CVE-2008-4231.json | 240 +++++++++---------- 2008/4xxx/CVE-2008-4656.json | 140 +++++------ 2008/4xxx/CVE-2008-4669.json | 140 +++++------ 2008/6xxx/CVE-2008-6002.json | 160 ++++++------- 2008/6xxx/CVE-2008-6071.json | 180 +++++++------- 2008/6xxx/CVE-2008-6478.json | 170 ++++++------- 2008/6xxx/CVE-2008-6651.json | 140 +++++------ 2008/6xxx/CVE-2008-6750.json | 150 ++++++------ 2008/6xxx/CVE-2008-6857.json | 160 ++++++------- 2013/2xxx/CVE-2013-2096.json | 170 ++++++------- 2013/2xxx/CVE-2013-2228.json | 34 +-- 2013/2xxx/CVE-2013-2709.json | 130 +++++----- 2013/2xxx/CVE-2013-2786.json | 120 +++++----- 2013/2xxx/CVE-2013-2920.json | 190 +++++++-------- 2013/2xxx/CVE-2013-2950.json | 140 +++++------ 2013/6xxx/CVE-2013-6325.json | 160 ++++++------- 2013/6xxx/CVE-2013-6332.json | 130 +++++----- 2017/11xxx/CVE-2017-11130.json | 120 +++++----- 2017/11xxx/CVE-2017-11296.json | 140 +++++------ 2017/14xxx/CVE-2017-14051.json | 170 ++++++------- 2017/14xxx/CVE-2017-14583.json | 122 +++++----- 2017/14xxx/CVE-2017-14725.json | 170 ++++++------- 2017/14xxx/CVE-2017-14788.json | 34 +-- 2017/14xxx/CVE-2017-14827.json | 130 +++++----- 2017/15xxx/CVE-2017-15255.json | 120 +++++----- 2017/15xxx/CVE-2017-15337.json | 120 +++++----- 2017/15xxx/CVE-2017-15437.json | 34 +-- 2017/15xxx/CVE-2017-15713.json | 134 +++++------ 2017/15xxx/CVE-2017-15715.json | 232 +++++++++--------- 2017/15xxx/CVE-2017-15910.json | 34 +-- 2017/9xxx/CVE-2017-9398.json | 34 +-- 2017/9xxx/CVE-2017-9585.json | 120 +++++----- 2017/9xxx/CVE-2017-9764.json | 120 +++++----- 2017/9xxx/CVE-2017-9901.json | 120 +++++----- 2018/0xxx/CVE-2018-0279.json | 130 +++++----- 2018/0xxx/CVE-2018-0341.json | 140 +++++------ 2018/0xxx/CVE-2018-0937.json | 142 +++++------ 2018/1000xxx/CVE-2018-1000036.json | 136 +++++------ 2018/1000xxx/CVE-2018-1000544.json | 146 ++++++------ 2018/12xxx/CVE-2018-12126.json | 34 +-- 2018/12xxx/CVE-2018-12406.json | 152 ++++++------ 2018/12xxx/CVE-2018-12499.json | 120 +++++----- 2018/12xxx/CVE-2018-12520.json | 150 ++++++------ 2018/12xxx/CVE-2018-12874.json | 140 +++++------ 2018/16xxx/CVE-2018-16303.json | 120 +++++----- 2018/16xxx/CVE-2018-16993.json | 34 +-- 2018/4xxx/CVE-2018-4317.json | 34 +-- 2018/4xxx/CVE-2018-4600.json | 34 +-- 2018/4xxx/CVE-2018-4934.json | 170 ++++++------- 60 files changed, 4112 insertions(+), 4112 deletions(-) diff --git a/2004/0xxx/CVE-2004-0203.json b/2004/0xxx/CVE-2004-0203.json index a41b2c317b3..0a41effc94d 100644 --- a/2004/0xxx/CVE-2004-0203.json +++ b/2004/0xxx/CVE-2004-0203.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS04-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-026" - }, - { - "name" : "VU#948750", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/948750" - }, - { - "name" : "oval:org.mitre.oval:def:2016", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2016" - }, - { - "name" : "exchange-owa-execute-code(16583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS04-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-026" + }, + { + "name": "exchange-owa-execute-code(16583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16583" + }, + { + "name": "VU#948750", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/948750" + }, + { + "name": "oval:org.mitre.oval:def:2016", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2016" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0388.json b/2004/0xxx/CVE-2004-0388.json index 7a018f412f1..59d48b589d6 100644 --- a/2004/0xxx/CVE-2004-0388.json +++ b/2004/0xxx/CVE-2004-0388.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.mysql.com/doc/mysql/en/news-4-1-2.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/mysql/en/news-4-1-2.html" - }, - { - "name" : "DSA-483", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-483" - }, - { - "name" : "GLSA-200405-20", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200405-20.xml" - }, - { - "name" : "MDKSA-2004:034", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:034" - }, - { - "name" : "RHSA-2004:569", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-569.html" - }, - { - "name" : "RHSA-2004:597", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-597.html" - }, - { - "name" : "20040414 [OpenPKG-SA-2004.014] OpenPKG Security Advisory (mysql)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108206802810402&w=2" - }, - { - "name" : "P-018", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-018.shtml" - }, - { - "name" : "10142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10142" - }, - { - "name" : "6421", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6421" - }, - { - "name" : "oval:org.mitre.oval:def:10559", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10559" - }, - { - "name" : "1009784", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009784" - }, - { - "name" : "11223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11223/" - }, - { - "name" : "mysql-mysqldmulti-symlink(15883)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1009784", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009784" + }, + { + "name": "11223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11223/" + }, + { + "name": "http://dev.mysql.com/doc/mysql/en/news-4-1-2.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/mysql/en/news-4-1-2.html" + }, + { + "name": "mysql-mysqldmulti-symlink(15883)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15883" + }, + { + "name": "DSA-483", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-483" + }, + { + "name": "GLSA-200405-20", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200405-20.xml" + }, + { + "name": "MDKSA-2004:034", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:034" + }, + { + "name": "RHSA-2004:597", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-597.html" + }, + { + "name": "P-018", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-018.shtml" + }, + { + "name": "20040414 [OpenPKG-SA-2004.014] OpenPKG Security Advisory (mysql)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108206802810402&w=2" + }, + { + "name": "RHSA-2004:569", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-569.html" + }, + { + "name": "oval:org.mitre.oval:def:10559", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10559" + }, + { + "name": "6421", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6421" + }, + { + "name": "10142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10142" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1038.json b/2004/1xxx/CVE-2004-1038.json index 3f8f93c612e..021d94b0c48 100644 --- a/2004/1xxx/CVE-2004-1038.json +++ b/2004/1xxx/CVE-2004-1038.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041026 pacsec.jp advisory: Firewire/IEEE 1394 Considered Harmful to Physical Security", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109881362530790&w=2" - }, - { - "name" : "20080305 Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489163/100/0/threaded" - }, - { - "name" : "20080305 RE: Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489189/100/0/threaded" - }, - { - "name" : "20080305 Re: Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489175/100/0/threaded" - }, - { - "name" : "20080309 Re: [Full-disclosure] Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489322/100/0/threaded" - }, - { - "name" : "20080309 Re: Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489335/100/0/threaded" - }, - { - "name" : "20080310 RE: [Full-disclosure] Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489330/100/0/threaded" - }, - { - "name" : "20080310 Re: [Full-disclosure] Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489342/100/0/threaded" - }, - { - "name" : "20080306 RE: Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489257/100/0/threaded" - }, - { - "name" : "20080306 Re: Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489212/100/0/threaded" - }, - { - "name" : "20080307 Re: Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489269/100/0/threaded" - }, - { - "name" : "20080308 RE: [Full-disclosure] Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489296/100/0/threaded" - }, - { - "name" : "20080308 Re: [Full-disclosure] Firewire Attack on Windows Vista", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489295/100/0/threaded" - }, - { - "name" : "http://pacsec.jp/advisories.html", - "refsource" : "MISC", - "url" : "http://pacsec.jp/advisories.html" - }, - { - "name" : "http://it.slashdot.org/article.pl?sid=08/03/04/1258210", - "refsource" : "MISC", - "url" : "http://it.slashdot.org/article.pl?sid=08/03/04/1258210" - }, - { - "name" : "http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf", - "refsource" : "MISC", - "url" : "http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf" - }, - { - "name" : "http://storm.net.nz/projects/16", - "refsource" : "MISC", - "url" : "http://storm.net.nz/projects/16" - }, - { - "name" : "http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf", - "refsource" : "MISC", - "url" : "http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf" - }, - { - "name" : "http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf", - "refsource" : "MISC", - "url" : "http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf" - }, - { - "name" : "http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html", - "refsource" : "MISC", - "url" : "http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html" - }, - { - "name" : "firewire-ieee1394-interface-installed(18041)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pacsec.jp/advisories.html", + "refsource": "MISC", + "url": "http://pacsec.jp/advisories.html" + }, + { + "name": "20080310 RE: [Full-disclosure] Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489330/100/0/threaded" + }, + { + "name": "20080305 RE: Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489189/100/0/threaded" + }, + { + "name": "20080305 Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489163/100/0/threaded" + }, + { + "name": "http://it.slashdot.org/article.pl?sid=08/03/04/1258210", + "refsource": "MISC", + "url": "http://it.slashdot.org/article.pl?sid=08/03/04/1258210" + }, + { + "name": "20041026 pacsec.jp advisory: Firewire/IEEE 1394 Considered Harmful to Physical Security", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109881362530790&w=2" + }, + { + "name": "20080308 Re: [Full-disclosure] Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489295/100/0/threaded" + }, + { + "name": "firewire-ieee1394-interface-installed(18041)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18041" + }, + { + "name": "http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf", + "refsource": "MISC", + "url": "http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf" + }, + { + "name": "20080308 RE: [Full-disclosure] Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489296/100/0/threaded" + }, + { + "name": "20080307 Re: Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489269/100/0/threaded" + }, + { + "name": "20080309 Re: [Full-disclosure] Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489322/100/0/threaded" + }, + { + "name": "http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf", + "refsource": "MISC", + "url": "http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf" + }, + { + "name": "20080306 Re: Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489212/100/0/threaded" + }, + { + "name": "20080305 Re: Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489175/100/0/threaded" + }, + { + "name": "20080306 RE: Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489257/100/0/threaded" + }, + { + "name": "20080310 Re: [Full-disclosure] Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489342/100/0/threaded" + }, + { + "name": "http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf", + "refsource": "MISC", + "url": "http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf" + }, + { + "name": "http://storm.net.nz/projects/16", + "refsource": "MISC", + "url": "http://storm.net.nz/projects/16" + }, + { + "name": "http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html", + "refsource": "MISC", + "url": "http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html" + }, + { + "name": "20080309 Re: Firewire Attack on Windows Vista", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489335/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1451.json b/2004/1xxx/CVE-2004-1451.json index 752caa5503a..ecb7ff1a142 100644 --- a/2004/1xxx/CVE-2004-1451.json +++ b/2004/1xxx/CVE-2004-1451.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=228176", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=228176" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html" - }, - { - "name" : "10419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10419/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=228176", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=228176" + }, + { + "name": "10419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10419/" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1462.json b/2004/1xxx/CVE-2004-1462.json index 76c6e44f9fb..f7b89391085 100644 --- a/2004/1xxx/CVE-2004-1462.json +++ b/2004/1xxx/CVE-2004-1462.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801" - }, - { - "name" : "GLSA-200408-25", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml" - }, - { - "name" : "10805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10805" - }, - { - "name" : "8194", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=8194" - }, - { - "name" : "moinmoin-acl-gain-privileges(16833)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801" + }, + { + "name": "moinmoin-acl-gain-privileges(16833)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16833" + }, + { + "name": "GLSA-200408-25", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml" + }, + { + "name": "10805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10805" + }, + { + "name": "8194", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8194" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1523.json b/2004/1xxx/CVE-2004-1523.json index cff6fa68f8c..2586619441e 100644 --- a/2004/1xxx/CVE-2004-1523.json +++ b/2004/1xxx/CVE-2004-1523.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the game console in Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041115 Multiple vulnerabilities in Hired Team: Trial (Shine engine)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110054260919742&w=2" - }, - { - "name" : "11683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11683" - }, - { - "name" : "13207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13207" - }, - { - "name" : "hired-team-format-string(18083)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the game console in Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13207" + }, + { + "name": "20041115 Multiple vulnerabilities in Hired Team: Trial (Shine engine)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110054260919742&w=2" + }, + { + "name": "hired-team-format-string(18083)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18083" + }, + { + "name": "11683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11683" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2658.json b/2008/2xxx/CVE-2008-2658.json index df807d111fe..c2fcdefa464 100644 --- a/2008/2xxx/CVE-2008-2658.json +++ b/2008/2xxx/CVE-2008-2658.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2658", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2658", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3107.json b/2008/3xxx/CVE-2008-3107.json index 020eb2df3f1..c516850b46a 100644 --- a/2008/3xxx/CVE-2008-3107.json +++ b/2008/3xxx/CVE-2008-3107.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=122331139823057&w=2" - }, - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497041/100/0/threaded" - }, - { - "name" : "http://support.apple.com/kb/HT3178", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3178" - }, - { - "name" : "http://support.apple.com/kb/HT3179", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3179" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" - }, - { - "name" : "APPLE-SA-2008-09-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "RHSA-2008:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0594.html" - }, - { - "name" : "RHSA-2008:0595", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0595.html" - }, - { - "name" : "238967", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1" - }, - { - "name" : "SUSE-SA:2008:042", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" - }, - { - "name" : "TA08-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" - }, - { - "name" : "30141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30141" - }, - { - "name" : "oval:org.mitre.oval:def:10219", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10219" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "ADV-2008-2056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2056/references" - }, - { - "name" : "ADV-2008-2740", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2740" - }, - { - "name" : "1020455", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020455" - }, - { - "name" : "31010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31010" - }, - { - "name" : "31055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31055" - }, - { - "name" : "31497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31497" - }, - { - "name" : "31600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31600" - }, - { - "name" : "32018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32018" - }, - { - "name" : "32180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32180" - }, - { - "name" : "32179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32179" - }, - { - "name" : "sun-virtualmachine-unauth-access(43659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "238967", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1" + }, + { + "name": "sun-virtualmachine-unauth-access(43659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43659" + }, + { + "name": "APPLE-SA-2008-09-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" + }, + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=122331139823057&w=2" + }, + { + "name": "1020455", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020455" + }, + { + "name": "31600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31600" + }, + { + "name": "SUSE-SA:2008:042", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" + }, + { + "name": "32018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32018" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "32179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32179" + }, + { + "name": "ADV-2008-2740", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2740" + }, + { + "name": "30141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30141" + }, + { + "name": "ADV-2008-2056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2056/references" + }, + { + "name": "31055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31055" + }, + { + "name": "32180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32180" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" + }, + { + "name": "http://support.apple.com/kb/HT3178", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3178" + }, + { + "name": "RHSA-2008:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" + }, + { + "name": "31497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31497" + }, + { + "name": "oval:org.mitre.oval:def:10219", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10219" + }, + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" + }, + { + "name": "TA08-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "http://support.apple.com/kb/HT3179", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3179" + }, + { + "name": "RHSA-2008:0595", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" + }, + { + "name": "31010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31010" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3878.json b/2008/3xxx/CVE-2008-3878.json index a5b1c378a67..2a1dbe1ff09 100644 --- a/2008/3xxx/CVE-2008-3878.json +++ b/2008/3xxx/CVE-2008-3878.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the HttpUpload method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6318", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6318" - }, - { - "name" : "http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219826651.ff.php", - "refsource" : "MISC", - "url" : "http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219826651.ff.php" - }, - { - "name" : "http://www.shinnai.net/xplits/TXT_RvfuIrwypWLMaiVn33Iy.html", - "refsource" : "MISC", - "url" : "http://www.shinnai.net/xplits/TXT_RvfuIrwypWLMaiVn33Iy.html" - }, - { - "name" : "30861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30861" - }, - { - "name" : "31632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31632" - }, - { - "name" : "4200", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4200" - }, - { - "name" : "uoc-ultraofficecontrol-bo(44749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the HttpUpload method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.shinnai.net/xplits/TXT_RvfuIrwypWLMaiVn33Iy.html", + "refsource": "MISC", + "url": "http://www.shinnai.net/xplits/TXT_RvfuIrwypWLMaiVn33Iy.html" + }, + { + "name": "6318", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6318" + }, + { + "name": "31632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31632" + }, + { + "name": "4200", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4200" + }, + { + "name": "uoc-ultraofficecontrol-bo(44749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44749" + }, + { + "name": "30861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30861" + }, + { + "name": "http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219826651.ff.php", + "refsource": "MISC", + "url": "http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219826651.ff.php" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3918.json b/2008/3xxx/CVE-2008-3918.json index f60e582ff9d..b0b22f4521a 100644 --- a/2008/3xxx/CVE-2008-3918.json +++ b/2008/3xxx/CVE-2008-3918.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "31425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31425" - }, - { - "name" : "ovidentia-field-sql-injection(45940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ovidentia-field-sql-injection(45940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45940" + }, + { + "name": "31425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31425" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4170.json b/2008/4xxx/CVE-2008-4170.json index 52be6f6ef67..93b1a4ad4c0 100644 --- a/2008/4xxx/CVE-2008-4170.json +++ b/2008/4xxx/CVE-2008-4170.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080916 [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496417/100/0/threaded" - }, - { - "name" : "31209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31209" - }, - { - "name" : "4293", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4293" - }, - { - "name" : "oscommerce-createaccount-info-disclosure(45193)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oscommerce-createaccount-info-disclosure(45193)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45193" + }, + { + "name": "31209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31209" + }, + { + "name": "20080916 [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496417/100/0/threaded" + }, + { + "name": "4293", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4293" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4231.json b/2008/4xxx/CVE-2008-4231.json index 2f40fc67f3f..dd3ce6c7909 100644 --- a/2008/4xxx/CVE-2008-4231.json +++ b/2008/4xxx/CVE-2008-4231.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090610 FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504211/100/0/threaded" - }, - { - "name" : "http://www.fortiguardcenter.com/advisory/FGA-2009-23.html", - "refsource" : "MISC", - "url" : "http://www.fortiguardcenter.com/advisory/FGA-2009-23.html" - }, - { - "name" : "http://support.apple.com/kb/HT3318", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3318" - }, - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "APPLE-SA-2008-11-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "32394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32394" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "ADV-2008-3232", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3232" - }, - { - "name" : "50028", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50028" - }, - { - "name" : "1021272", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021272" - }, - { - "name" : "32756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32756" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fortiguardcenter.com/advisory/FGA-2009-23.html", + "refsource": "MISC", + "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-23.html" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "APPLE-SA-2008-11-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "ADV-2008-3232", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3232" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "20090610 FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504211/100/0/threaded" + }, + { + "name": "http://support.apple.com/kb/HT3318", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3318" + }, + { + "name": "1021272", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021272" + }, + { + "name": "50028", + "refsource": "OSVDB", + "url": "http://osvdb.org/50028" + }, + { + "name": "32394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32394" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + }, + { + "name": "32756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32756" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4656.json b/2008/4xxx/CVE-2008-4656.json index 4c8a2fd6b0b..d376aff2583 100644 --- a/2008/4xxx/CVE-2008-4656.json +++ b/2008/4xxx/CVE-2008-4656.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/" - }, - { - "name" : "31843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31843" - }, - { - "name" : "ADV-2008-2870", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2870", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2870" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/" + }, + { + "name": "31843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31843" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4669.json b/2008/4xxx/CVE-2008-4669.json index 072c9ded7d5..f042ec1f057 100644 --- a/2008/4xxx/CVE-2008-4669.json +++ b/2008/4xxx/CVE-2008-4669.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher Recipe Script allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/31442/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/31442/exploit" - }, - { - "name" : "31442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31442" - }, - { - "name" : "recipescript-search-xss(45489)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher Recipe Script allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/bid/31442/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/31442/exploit" + }, + { + "name": "recipescript-search-xss(45489)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45489" + }, + { + "name": "31442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31442" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6002.json b/2008/6xxx/CVE-2008-6002.json index 72e0ac8bf07..f386f1a991e 100644 --- a/2008/6xxx/CVE-2008-6002.json +++ b/2008/6xxx/CVE-2008-6002.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6556", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6556" - }, - { - "name" : "http://www.web-cp.net/mantis/changelog_page.php", - "refsource" : "CONFIRM", - "url" : "http://www.web-cp.net/mantis/changelog_page.php" - }, - { - "name" : "31371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31371" - }, - { - "name" : "31979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31979" - }, - { - "name" : "webcp-sendfile-information-disclosure(45408)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webcp-sendfile-information-disclosure(45408)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45408" + }, + { + "name": "31979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31979" + }, + { + "name": "http://www.web-cp.net/mantis/changelog_page.php", + "refsource": "CONFIRM", + "url": "http://www.web-cp.net/mantis/changelog_page.php" + }, + { + "name": "31371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31371" + }, + { + "name": "6556", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6556" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6071.json b/2008/6xxx/CVE-2008-6071.json index a4b042ebc89..c27892dc6cc 100644 --- a/2008/6xxx/CVE-2008-6071.json +++ b/2008/6xxx/CVE-2008-6071.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c", - "refsource" : "CONFIRM", - "url" : "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=604785", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=604785" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=604837", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=604837" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485" - }, - { - "name" : "29583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29583" - }, - { - "name" : "30549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30549" - }, - { - "name" : "graphicsmagick-decodeimage-bo(42906)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=604837", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=604837" + }, + { + "name": "30549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30549" + }, + { + "name": "29583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29583" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485" + }, + { + "name": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c", + "refsource": "CONFIRM", + "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c" + }, + { + "name": "graphicsmagick-decodeimage-bo(42906)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42906" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=604785", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=604785" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6478.json b/2008/6xxx/CVE-2008-6478.json index bb172e7517c..2c199710530 100644 --- a/2008/6xxx/CVE-2008-6478.json +++ b/2008/6xxx/CVE-2008-6478.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080402 Parallels virtuozzo's VZPP multiple csrf vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490409/100/0/threaded" - }, - { - "name" : "http://px.dynalias.org/files/virtuozzo_overwrite.html.txt", - "refsource" : "MISC", - "url" : "http://px.dynalias.org/files/virtuozzo_overwrite.html.txt" - }, - { - "name" : "28589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28589" - }, - { - "name" : "44395", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44395" - }, - { - "name" : "29675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29675" - }, - { - "name" : "virtuozzo-file-manager-csrf(41640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44395", + "refsource": "OSVDB", + "url": "http://osvdb.org/44395" + }, + { + "name": "20080402 Parallels virtuozzo's VZPP multiple csrf vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490409/100/0/threaded" + }, + { + "name": "http://px.dynalias.org/files/virtuozzo_overwrite.html.txt", + "refsource": "MISC", + "url": "http://px.dynalias.org/files/virtuozzo_overwrite.html.txt" + }, + { + "name": "29675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29675" + }, + { + "name": "virtuozzo-file-manager-csrf(41640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41640" + }, + { + "name": "28589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28589" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6651.json b/2008/6xxx/CVE-2008-6651.json index 8367d8e041d..6a214568d1a 100644 --- a/2008/6xxx/CVE-2008-6651.json +++ b/2008/6xxx/CVE-2008-6651.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5524", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5524" - }, - { - "name" : "28992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28992" - }, - { - "name" : "oxyproject-edithistory-command-execution(42110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5524", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5524" + }, + { + "name": "28992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28992" + }, + { + "name": "oxyproject-edithistory-command-execution(42110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42110" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6750.json b/2008/6xxx/CVE-2008-6750.json index 55abf6cb0bb..0be8b7fc4fb 100644 --- a/2008/6xxx/CVE-2008-6750.json +++ b/2008/6xxx/CVE-2008-6750.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7614", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7614" - }, - { - "name" : "51303", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51303" - }, - { - "name" : "33353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33353" - }, - { - "name" : "flexphpdirectory-add-file-upload(47641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33353" + }, + { + "name": "51303", + "refsource": "OSVDB", + "url": "http://osvdb.org/51303" + }, + { + "name": "7614", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7614" + }, + { + "name": "flexphpdirectory-add-file-upload(47641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47641" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6857.json b/2008/6xxx/CVE-2008-6857.json index 70da1689acf..a412f0da4ba 100644 --- a/2008/6xxx/CVE-2008-6857.json +++ b/2008/6xxx/CVE-2008-6857.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6882", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6882" - }, - { - "name" : "32003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32003" - }, - { - "name" : "49467", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49467" - }, - { - "name" : "32472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32472" - }, - { - "name" : "absolutepodcastnet-xlaapcuser-auth-bypass(46241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32003" + }, + { + "name": "absolutepodcastnet-xlaapcuser-auth-bypass(46241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46241" + }, + { + "name": "49467", + "refsource": "OSVDB", + "url": "http://osvdb.org/49467" + }, + { + "name": "6882", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6882" + }, + { + "name": "32472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32472" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2096.json b/2013/2xxx/CVE-2013-2096.json index 49723c5136f..3cbdc8dcc7c 100644 --- a/2013/2xxx/CVE-2013-2096.json +++ b/2013/2xxx/CVE-2013-2096.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack-announce] 20130516 [OSSA 2013-012] Nova fails to verify image virtual size (CVE-2013-2096)", - "refsource" : "MLIST", - "url" : "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html" - }, - { - "name" : "https://review.openstack.org/#/c/28717/", - "refsource" : "CONFIRM", - "url" : "https://review.openstack.org/#/c/28717/" - }, - { - "name" : "https://review.openstack.org/#/c/28901/", - "refsource" : "CONFIRM", - "url" : "https://review.openstack.org/#/c/28901/" - }, - { - "name" : "https://review.openstack.org/#/c/29192/", - "refsource" : "CONFIRM", - "url" : "https://review.openstack.org/#/c/29192/" - }, - { - "name" : "USN-1831-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1831-1" - }, - { - "name" : "59924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://review.openstack.org/#/c/28717/", + "refsource": "CONFIRM", + "url": "https://review.openstack.org/#/c/28717/" + }, + { + "name": "https://review.openstack.org/#/c/28901/", + "refsource": "CONFIRM", + "url": "https://review.openstack.org/#/c/28901/" + }, + { + "name": "USN-1831-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1831-1" + }, + { + "name": "[openstack-announce] 20130516 [OSSA 2013-012] Nova fails to verify image virtual size (CVE-2013-2096)", + "refsource": "MLIST", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html" + }, + { + "name": "https://review.openstack.org/#/c/29192/", + "refsource": "CONFIRM", + "url": "https://review.openstack.org/#/c/29192/" + }, + { + "name": "59924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59924" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2228.json b/2013/2xxx/CVE-2013-2228.json index 0e1da900b93..b95b42ae0f8 100644 --- a/2013/2xxx/CVE-2013-2228.json +++ b/2013/2xxx/CVE-2013-2228.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2228", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2228", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2709.json b/2013/2xxx/CVE-2013-2709.json index cee0ad012e4..ea7158e0079 100644 --- a/2013/2xxx/CVE-2013-2709.json +++ b/2013/2xxx/CVE-2013-2709.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-2709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/extend/plugins/foursquare-checkins/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/foursquare-checkins/changelog/" - }, - { - "name" : "53151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53151" + }, + { + "name": "http://wordpress.org/extend/plugins/foursquare-checkins/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/foursquare-checkins/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2786.json b/2013/2xxx/CVE-2013-2786.json index 7698f5b3b6d..2ae610a9494 100644 --- a/2013/2xxx/CVE-2013-2786.json +++ b/2013/2xxx/CVE-2013-2786.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows local users to gain privileges via a Trojan horse executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-2786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-184-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-184-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows local users to gain privileges via a Trojan horse executable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-184-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-184-01" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2920.json b/2013/2xxx/CVE-2013-2920.json index a9566f1ccaf..e0a5d4f653e 100644 --- a/2013/2xxx/CVE-2013-2920.json +++ b/2013/2xxx/CVE-2013-2920.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=285742", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=285742" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=223735&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=223735&view=revision" - }, - { - "name" : "DSA-2785", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2785" - }, - { - "name" : "openSUSE-SU-2013:1556", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2013:1861", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:0065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" - }, - { - "name" : "oval:org.mitre.oval:def:18451", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" + }, + { + "name": "openSUSE-SU-2014:0065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" + }, + { + "name": "DSA-2785", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2785" + }, + { + "name": "openSUSE-SU-2013:1556", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=223735&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=223735&view=revision" + }, + { + "name": "openSUSE-SU-2013:1861", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=285742", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=285742" + }, + { + "name": "oval:org.mitre.oval:def:18451", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18451" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2950.json b/2013/2xxx/CVE-2013-2950.json index 01fdcebe897..1a3418f9b88 100644 --- a/2013/2xxx/CVE-2013-2950.json +++ b/2013/2xxx/CVE-2013-2950.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-2950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21638864", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21638864" - }, - { - "name" : "PM85071", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071" - }, - { - "name" : "was-portal-cve20132950-response-splitting(83618)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21638864", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638864" + }, + { + "name": "PM85071", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071" + }, + { + "name": "was-portal-cve20132950-response-splitting(83618)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83618" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6325.json b/2013/6xxx/CVE-2013-6325.json index 2edbab4789e..b1d8ecdf2f2 100644 --- a/2013/6xxx/CVE-2013-6325.json +++ b/2013/6xxx/CVE-2013-6325.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21661323", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21661323" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21661325", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21661325" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" - }, - { - "name" : "PM99450", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM99450" - }, - { - "name" : "ibm-websphere-cve20136325-dos(88906)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21661323", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21661323" + }, + { + "name": "PM99450", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM99450" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21661325", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21661325" + }, + { + "name": "ibm-websphere-cve20136325-dos(88906)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88906" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6332.json b/2013/6xxx/CVE-2013-6332.json index 211caaea76d..ade1f4d7354 100644 --- a/2013/6xxx/CVE-2013-6332.json +++ b/2013/6xxx/CVE-2013-6332.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21663820", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21663820" - }, - { - "name" : "ibm-algo-cve20136332-code-exec(89023)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21663820", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21663820" + }, + { + "name": "ibm-algo-cve20136332-code-exec(89023)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89023" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11130.json b/2017/11xxx/CVE-2017-11130.json index 139afae5beb..5549874ed9e 100644 --- a/2017/11xxx/CVE-2017-11130.json +++ b/2017/11xxx/CVE-2017-11130.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle attackers can conduct replay attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/90", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/90" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle attackers can conduct replay attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/90", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/90" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11296.json b/2017/11xxx/CVE-2017-11296.json index 28a6ae05eba..a70f6c16480 100644 --- a/2017/11xxx/CVE-2017-11296.json +++ b/2017/11xxx/CVE-2017-11296.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Experience Manager 6.3, 6.2, 6.1, 6.0", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Experience Manager 6.3, 6.2, 6.1, 6.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager 6.3, 6.2, 6.1, 6.0", + "version": { + "version_data": [ + { + "version_value": "Adobe Experience Manager 6.3, 6.2, 6.1, 6.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html" - }, - { - "name" : "101844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101844" - }, - { - "name" : "1039800", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039800", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039800" + }, + { + "name": "101844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101844" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14051.json b/2017/14xxx/CVE-2017-14051.json index 1beee5a2b60..69a41a422d8 100644 --- a/2017/14xxx/CVE-2017-14051.json +++ b/2017/14xxx/CVE-2017-14051.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" - }, - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=194061", - "refsource" : "MISC", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=194061" - }, - { - "name" : "https://patchwork.kernel.org/patch/9929625/", - "refsource" : "MISC", - "url" : "https://patchwork.kernel.org/patch/9929625/" - }, - { - "name" : "USN-3583-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3583-1/" - }, - { - "name" : "USN-3583-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3583-2/" - }, - { - "name" : "100571", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" + }, + { + "name": "USN-3583-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3583-2/" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=194061", + "refsource": "MISC", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=194061" + }, + { + "name": "100571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100571" + }, + { + "name": "https://patchwork.kernel.org/patch/9929625/", + "refsource": "MISC", + "url": "https://patchwork.kernel.org/patch/9929625/" + }, + { + "name": "USN-3583-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3583-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14583.json b/2017/14xxx/CVE-2017-14583.json index c59c5a2f6c5..5c879cea634 100644 --- a/2017/14xxx/CVE-2017-14583.json +++ b/2017/14xxx/CVE-2017-14583.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2017-12-15T00:00:00", - "ID" : "CVE-2017-14583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2017-12-15T00:00:00", + "ID": "CVE-2017-14583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.netapp.com/advisory/ntap-20171215-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171215-0001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171215-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171215-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14725.json b/2017/14xxx/CVE-2017-14725.json index ae4bbd49e69..b3444fcb5b2 100644 --- a/2017/14xxx/CVE-2017-14725.json +++ b/2017/14xxx/CVE-2017-14725.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://core.trac.wordpress.org/changeset/41398", - "refsource" : "MISC", - "url" : "https://core.trac.wordpress.org/changeset/41398" - }, - { - "name" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/", - "refsource" : "MISC", - "url" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8910", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8910" - }, - { - "name" : "DSA-3997", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3997" - }, - { - "name" : "100912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100912" - }, - { - "name" : "1039553", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3997", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3997" + }, + { + "name": "100912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100912" + }, + { + "name": "https://core.trac.wordpress.org/changeset/41398", + "refsource": "MISC", + "url": "https://core.trac.wordpress.org/changeset/41398" + }, + { + "name": "1039553", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039553" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8910", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8910" + }, + { + "name": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/", + "refsource": "MISC", + "url": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14788.json b/2017/14xxx/CVE-2017-14788.json index c821e7d1576..eef1ce93372 100644 --- a/2017/14xxx/CVE-2017-14788.json +++ b/2017/14xxx/CVE-2017-14788.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14788", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14788", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14827.json b/2017/14xxx/CVE-2017-14827.json index ac0dced3afc..16de0ca8b51 100644 --- a/2017/14xxx/CVE-2017-14827.json +++ b/2017/14xxx/CVE-2017-14827.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-14827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the append method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-14827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-871", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-871" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the append method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-871", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-871" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15255.json b/2017/15xxx/CVE-2017-15255.json index b563ef9506d..78771baca73 100644 --- a/2017/15xxx/CVE-2017-15255.json +++ b/2017/15xxx/CVE-2017-15255.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a \"Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15255", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a \"Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15255", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15255" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15337.json b/2017/15xxx/CVE-2017-15337.json index 4034b564619..2bf69691219 100644 --- a/2017/15xxx/CVE-2017-15337.json +++ b/2017/15xxx/CVE-2017-15337.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-15337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DP300,IPS Module,NGFW Module,NIP6300,NIP6600,NIP6800,RP200,SVN5600,SVN5800,SVN5800-C,SeMG9811,Secospace USG6300,Secospace USG6500,Secospace USG6600,TE30,TE40,TE50,TE60,USG9500,USG9520,USG9560,USG9580,VP9660,ViewPoint 8660,ViewPoint 9030,eSpace U1981", - "version" : { - "version_data" : [ - { - "version_value" : "DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker would have to find a way to craft specific messages to the affected products. Due to the insufficient validation for SIP messages, successful exploit may cause services abnormal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-15337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DP300,IPS Module,NGFW Module,NIP6300,NIP6600,NIP6800,RP200,SVN5600,SVN5800,SVN5800-C,SeMG9811,Secospace USG6300,Secospace USG6500,Secospace USG6600,TE30,TE40,TE50,TE60,USG9500,USG9520,USG9560,USG9580,VP9660,ViewPoint 8660,ViewPoint 9030,eSpace U1981", + "version": { + "version_data": [ + { + "version_value": "DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker would have to find a way to craft specific messages to the affected products. Due to the insufficient validation for SIP messages, successful exploit may cause services abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15437.json b/2017/15xxx/CVE-2017-15437.json index a5605bf1d4e..e7363f3ed22 100644 --- a/2017/15xxx/CVE-2017-15437.json +++ b/2017/15xxx/CVE-2017-15437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15437", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15437", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15713.json b/2017/15xxx/CVE-2017-15713.json index 5e7d5ede99d..e6b62ec0ccb 100644 --- a/2017/15xxx/CVE-2017-15713.json +++ b/2017/15xxx/CVE-2017-15713.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-01-19T00:00:00", - "ID" : "CVE-2017-15713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Hadoop", - "version" : { - "version_data" : [ - { - "version_value" : "0.23.0 to 0.23.11" - }, - { - "version_value" : "2.0.0-alpha to 2.8.2" - }, - { - "version_value" : "3.0.0-alpha to 3.0.0-beta1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-01-19T00:00:00", + "ID": "CVE-2017-15713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Hadoop", + "version": { + "version_data": [ + { + "version_value": "0.23.0 to 0.23.11" + }, + { + "version_value": "2.0.0-alpha to 2.8.2" + }, + { + "version_value": "3.0.0-alpha to 3.0.0-beta1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15715.json b/2017/15xxx/CVE-2017-15715.json index 7032cc6987c..b6e01d879bf 100644 --- a/2017/15xxx/CVE-2017-15715.json +++ b/2017/15xxx/CVE-2017-15715.json @@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-03-23T00:00:00", - "ID" : "CVE-2017-15715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache HTTP Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.4.0 to 2.4.29" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : " bypass with a trailing newline in the file name" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-03-23T00:00:00", + "ID": "CVE-2017-15715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "2.4.0 to 2.4.29" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180323 CVE-2017-15715: bypass with a trailing newline in the file name", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/03/24/6" - }, - { - "name" : "https://httpd.apache.org/security/vulnerabilities_24.html", - "refsource" : "CONFIRM", - "url" : "https://httpd.apache.org/security/vulnerabilities_24.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180601-0004/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180601-0004/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" - }, - { - "name" : "DSA-4164", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4164" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3558" - }, - { - "name" : "RHSA-2019:0366", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0366" - }, - { - "name" : "RHSA-2019:0367", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0367" - }, - { - "name" : "USN-3627-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3627-1/" - }, - { - "name" : "USN-3627-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3627-2/" - }, - { - "name" : "103525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103525" - }, - { - "name" : "1040570", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " bypass with a trailing newline in the file name" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3627-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3627-1/" + }, + { + "name": "DSA-4164", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4164" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180601-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180601-0004/" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" + }, + { + "name": "RHSA-2019:0367", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0367" + }, + { + "name": "USN-3627-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3627-2/" + }, + { + "name": "103525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103525" + }, + { + "name": "1040570", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040570" + }, + { + "name": "https://httpd.apache.org/security/vulnerabilities_24.html", + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + }, + { + "name": "[oss-security] 20180323 CVE-2017-15715: bypass with a trailing newline in the file name", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/03/24/6" + }, + { + "name": "RHSA-2019:0366", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0366" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15910.json b/2017/15xxx/CVE-2017-15910.json index a8eee119c98..b61b704da57 100644 --- a/2017/15xxx/CVE-2017-15910.json +++ b/2017/15xxx/CVE-2017-15910.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15910", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15910", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9398.json b/2017/9xxx/CVE-2017-9398.json index 998eccba3ed..cf551c64dca 100644 --- a/2017/9xxx/CVE-2017-9398.json +++ b/2017/9xxx/CVE-2017-9398.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9398", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9398", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9585.json b/2017/9xxx/CVE-2017-9585.json index 53c5cc8b144..c9d6826131a 100644 --- a/2017/9xxx/CVE-2017-9585.json +++ b/2017/9xxx/CVE-2017-9585.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Community State Bank - Lamar Mobile Banking\" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Community State Bank - Lamar Mobile Banking\" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9764.json b/2017/9xxx/CVE-2017-9764.json index ea14c0ca7e0..cb001d647dd 100644 --- a/2017/9xxx/CVE-2017-9764.json +++ b/2017/9xxx/CVE-2017-9764.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/phantom0301/vulns/blob/master/Metinfo.md", - "refsource" : "MISC", - "url" : "https://github.com/phantom0301/vulns/blob/master/Metinfo.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/phantom0301/vulns/blob/master/Metinfo.md", + "refsource": "MISC", + "url": "https://github.com/phantom0301/vulns/blob/master/Metinfo.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9901.json b/2017/9xxx/CVE-2017-9901.json index 5a4939b4b0b..14038f34318 100644 --- a/2017/9xxx/CVE-2017-9901.json +++ b/2017/9xxx/CVE-2017-9901.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0279.json b/2018/0xxx/CVE-2018-0279.json index cb996795a49..72e6a4a302b 100644 --- a/2018/0xxx/CVE-2018-0279.json +++ b/2018/0xxx/CVE-2018-0279.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Enterprise NFV Infrastructure Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Enterprise NFV Infrastructure Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of command arguments. An attacker could exploit this vulnerability by using crafted arguments when opening a connection to the affected device. An exploit could allow the attacker to gain shell access with a non-root user account to the underlying Linux operating system on the affected device. Due to the system design, access to the Linux shell could allow execution of additional attacks that may have a significant impact on the affected system. This vulnerability affects Cisco devices that are running release 3.7.1, 3.6.3, or earlier releases of Cisco Enterprise NFV Infrastructure Software (NFVIS) when access to the SCP server is allowed on the affected device. Cisco NFVIS Releases 3.5.x and 3.6.x do allow access to the SCP server by default, while Cisco NFVIS Release 3.7.1 does not. Cisco Bug IDs: CSCvh25026." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Enterprise NFV Infrastructure Software", + "version": { + "version_data": [ + { + "version_value": "Cisco Enterprise NFV Infrastructure Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis" - }, - { - "name" : "104243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of command arguments. An attacker could exploit this vulnerability by using crafted arguments when opening a connection to the affected device. An exploit could allow the attacker to gain shell access with a non-root user account to the underlying Linux operating system on the affected device. Due to the system design, access to the Linux shell could allow execution of additional attacks that may have a significant impact on the affected system. This vulnerability affects Cisco devices that are running release 3.7.1, 3.6.3, or earlier releases of Cisco Enterprise NFV Infrastructure Software (NFVIS) when access to the SCP server is allowed on the affected device. Cisco NFVIS Releases 3.5.x and 3.6.x do allow access to the SCP server by default, while Cisco NFVIS Release 3.7.1 does not. Cisco Bug IDs: CSCvh25026." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis" + }, + { + "name": "104243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104243" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0341.json b/2018/0xxx/CVE-2018-0341.json index 07c3197cfef..ec68ee912a8 100644 --- a/2018/0xxx/CVE-2018-0341.json +++ b/2018/0xxx/CVE-2018-0341.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IP Phone 6800, 7800, and 8800 unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IP Phone 6800, 7800, and 8800 unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IP Phone 6800, 7800, and 8800 unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco IP Phone 6800, 7800, and 8800 unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-phone-webui-inject", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-phone-webui-inject" - }, - { - "name" : "104731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104731" - }, - { - "name" : "1041285", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-phone-webui-inject", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-phone-webui-inject" + }, + { + "name": "104731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104731" + }, + { + "name": "1041285", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041285" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0937.json b/2018/0xxx/CVE-2018-0937.json index 9c9f69b4167..e2ed93b671a 100644 --- a/2018/0xxx/CVE-2018-0937.json +++ b/2018/0xxx/CVE-2018-0937.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore, Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore, and Microsoft Windows 10 1703 and 1709." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0936." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore, Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "ChakraCore, and Microsoft Windows 10 1703 and 1709." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0937", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0937" - }, - { - "name" : "103271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103271" - }, - { - "name" : "1040507", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0936." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103271" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0937", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0937" + }, + { + "name": "1040507", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040507" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000036.json b/2018/1000xxx/CVE-2018-1000036.json index 95a54274af9..645d7043eb9 100644 --- a/2018/1000xxx/CVE-2018-1000036.json +++ b/2018/1000xxx/CVE-2018-1000036.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-05-18T21:46:02.309588", - "DATE_REQUESTED" : "2018-02-02T00:00:00", - "ID" : "CVE-2018-1000036", - "REQUESTER" : "jonathan@titanous.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MuPDF", - "version" : { - "version_data" : [ - { - "version_value" : "1.12.0" - } - ] - } - } - ] - }, - "vendor_name" : "Artifex Software, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-401" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-05-18T21:46:02.309588", + "DATE_REQUESTED": "2018-02-02T00:00:00", + "ID": "CVE-2018-1000036", + "REQUESTER": "jonathan@titanous.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502" - }, - { - "name" : "GLSA-201811-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-15" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502" + }, + { + "name": "GLSA-201811-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-15" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000544.json b/2018/1000xxx/CVE-2018-1000544.json index 78e3ee20dec..245048c500c 100644 --- a/2018/1000xxx/CVE-2018-1000544.json +++ b/2018/1000xxx/CVE-2018-1000544.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.063397", - "DATE_REQUESTED" : "2018-06-15T12:03:17", - "ID" : "CVE-2018-1000544", - "REQUESTER" : "tuzovakaoff@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rubyzip", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "rubyzip gem" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames \"../\" to write arbitrary files to the filesystem.." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.063397", + "DATE_REQUESTED": "2018-06-15T12:03:17", + "ID": "CVE-2018-1000544", + "REQUESTER": "tuzovakaoff@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180815 [SECURITY] [DLA 1467-1] ruby-zip security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00013.html" - }, - { - "name" : "https://github.com/rubyzip/rubyzip/issues/369", - "refsource" : "MISC", - "url" : "https://github.com/rubyzip/rubyzip/issues/369" - }, - { - "name" : "RHSA-2018:3466", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames \"../\" to write arbitrary files to the filesystem.." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyzip/rubyzip/issues/369", + "refsource": "MISC", + "url": "https://github.com/rubyzip/rubyzip/issues/369" + }, + { + "name": "RHSA-2018:3466", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3466" + }, + { + "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1467-1] ruby-zip security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12126.json b/2018/12xxx/CVE-2018-12126.json index f9198dbc70a..3996e3462d8 100644 --- a/2018/12xxx/CVE-2018-12126.json +++ b/2018/12xxx/CVE-2018-12126.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12126", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12126", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12406.json b/2018/12xxx/CVE-2018-12406.json index 6129962e6cb..b9c138f3c0d 100644 --- a/2018/12xxx/CVE-2018-12406.json +++ b/2018/12xxx/CVE-2018-12406.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "64" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 64" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "64" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-29/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-29/" - }, - { - "name" : "USN-3844-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3844-1/" - }, - { - "name" : "106167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 64" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-29/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-29/" + }, + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129" + }, + { + "name": "USN-3844-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3844-1/" + }, + { + "name": "106167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106167" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12499.json b/2018/12xxx/CVE-2018-12499.json index 54c51840197..eddaf16a6c9 100644 --- a/2018/12xxx/CVE-2018-12499.json +++ b/2018/12xxx/CVE-2018-12499.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.sean-wright.com/cve-2018-12499/", - "refsource" : "MISC", - "url" : "https://blog.sean-wright.com/cve-2018-12499/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.sean-wright.com/cve-2018-12499/", + "refsource": "MISC", + "url": "https://blog.sean-wright.com/cve-2018-12499/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12520.json b/2018/12xxx/CVE-2018-12520.json index d25653a7366..1463ec41e6f 100644 --- a/2018/12xxx/CVE-2018-12520.json +++ b/2018/12xxx/CVE-2018-12520.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44973", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44973/" - }, - { - "name" : "20180702 ntop-ng < 3.4.180617 - Authentication bypass / session hijacking", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/14" - }, - { - "name" : "https://gist.github.com/Psychotropos/3e8c047cada9b1fb716e6a014a428b7f", - "refsource" : "MISC", - "url" : "https://gist.github.com/Psychotropos/3e8c047cada9b1fb716e6a014a428b7f" - }, - { - "name" : "https://github.com/ntop/ntopng/commit/30610bda60cbfc058f90a1c0a17d0e8f4516221a", - "refsource" : "CONFIRM", - "url" : "https://github.com/ntop/ntopng/commit/30610bda60cbfc058f90a1c0a17d0e8f4516221a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ntop/ntopng/commit/30610bda60cbfc058f90a1c0a17d0e8f4516221a", + "refsource": "CONFIRM", + "url": "https://github.com/ntop/ntopng/commit/30610bda60cbfc058f90a1c0a17d0e8f4516221a" + }, + { + "name": "44973", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44973/" + }, + { + "name": "20180702 ntop-ng < 3.4.180617 - Authentication bypass / session hijacking", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/14" + }, + { + "name": "https://gist.github.com/Psychotropos/3e8c047cada9b1fb716e6a014a428b7f", + "refsource": "MISC", + "url": "https://gist.github.com/Psychotropos/3e8c047cada9b1fb716e6a014a428b7f" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12874.json b/2018/12xxx/CVE-2018-12874.json index 42dbe4dd689..366f1b9edcb 100644 --- a/2018/12xxx/CVE-2018-12874.json +++ b/2018/12xxx/CVE-2018-12874.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105439" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105439" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16303.json b/2018/16xxx/CVE-2018-16303.json index b94e0bfd053..c73f242fb27 100644 --- a/2018/16xxx/CVE-2018-16303.json +++ b/2018/16xxx/CVE-2018-16303.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.tracker-software.com/viewtopic.php?f=62&t=31419", - "refsource" : "MISC", - "url" : "https://forum.tracker-software.com/viewtopic.php?f=62&t=31419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.tracker-software.com/viewtopic.php?f=62&t=31419", + "refsource": "MISC", + "url": "https://forum.tracker-software.com/viewtopic.php?f=62&t=31419" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16993.json b/2018/16xxx/CVE-2018-16993.json index d448dd8d002..9d029ceb3b5 100644 --- a/2018/16xxx/CVE-2018-16993.json +++ b/2018/16xxx/CVE-2018-16993.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16993", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16993", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4317.json b/2018/4xxx/CVE-2018-4317.json index 737197c4372..9543ba06fbf 100644 --- a/2018/4xxx/CVE-2018-4317.json +++ b/2018/4xxx/CVE-2018-4317.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4317", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4317", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4600.json b/2018/4xxx/CVE-2018-4600.json index e7b5473c62e..06711dcb36e 100644 --- a/2018/4xxx/CVE-2018-4600.json +++ b/2018/4xxx/CVE-2018-4600.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4600", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4600", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4934.json b/2018/4xxx/CVE-2018-4934.json index b85c1830dad..4d4395c0665 100644 --- a/2018/4xxx/CVE-2018-4934.json +++ b/2018/4xxx/CVE-2018-4934.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 29.0.0.113 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 29.0.0.113 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 29.0.0.113 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 29.0.0.113 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44528", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44528/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html" - }, - { - "name" : "GLSA-201804-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-11" - }, - { - "name" : "RHSA-2018:1119", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1119" - }, - { - "name" : "103708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103708" - }, - { - "name" : "1040648", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103708" + }, + { + "name": "RHSA-2018:1119", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1119" + }, + { + "name": "1040648", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040648" + }, + { + "name": "GLSA-201804-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-11" + }, + { + "name": "44528", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44528/" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html" + } + ] + } +} \ No newline at end of file