From d6defedb591b32821c272d074542ad6f29cd334c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:34:24 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0280.json | 170 +++++++++--------- 2008/0xxx/CVE-2008-0939.json | 200 ++++++++++----------- 2008/0xxx/CVE-2008-0953.json | 210 +++++++++++----------- 2008/1xxx/CVE-2008-1572.json | 190 ++++++++++---------- 2008/3xxx/CVE-2008-3776.json | 150 ++++++++-------- 2008/4xxx/CVE-2008-4649.json | 140 +++++++-------- 2008/4xxx/CVE-2008-4816.json | 170 +++++++++--------- 2013/2xxx/CVE-2013-2364.json | 130 +++++++------- 2013/2xxx/CVE-2013-2423.json | 270 ++++++++++++++--------------- 2013/2xxx/CVE-2013-2746.json | 34 ++-- 2013/3xxx/CVE-2013-3501.json | 150 ++++++++-------- 2013/3xxx/CVE-2013-3637.json | 34 ++-- 2013/6xxx/CVE-2013-6041.json | 130 +++++++------- 2013/6xxx/CVE-2013-6127.json | 130 +++++++------- 2013/6xxx/CVE-2013-6161.json | 34 ++-- 2013/6xxx/CVE-2013-6179.json | 34 ++-- 2013/6xxx/CVE-2013-6472.json | 120 ++++++------- 2013/7xxx/CVE-2013-7014.json | 190 ++++++++++---------- 2013/7xxx/CVE-2013-7157.json | 34 ++-- 2013/7xxx/CVE-2013-7308.json | 130 +++++++------- 2017/10xxx/CVE-2017-10006.json | 166 +++++++++--------- 2017/10xxx/CVE-2017-10535.json | 34 ++-- 2017/14xxx/CVE-2017-14139.json | 130 +++++++------- 2017/14xxx/CVE-2017-14236.json | 34 ++-- 2017/14xxx/CVE-2017-14978.json | 34 ++-- 2017/17xxx/CVE-2017-17513.json | 120 ++++++------- 2017/17xxx/CVE-2017-17575.json | 130 +++++++------- 2017/17xxx/CVE-2017-17757.json | 120 ++++++------- 2017/9xxx/CVE-2017-9186.json | 120 ++++++------- 2017/9xxx/CVE-2017-9509.json | 122 ++++++------- 2017/9xxx/CVE-2017-9742.json | 150 ++++++++-------- 2018/0xxx/CVE-2018-0344.json | 130 +++++++------- 2018/0xxx/CVE-2018-0527.json | 130 +++++++------- 2018/0xxx/CVE-2018-0956.json | 234 ++++++++++++------------- 2018/1000xxx/CVE-2018-1000189.json | 126 +++++++------- 2018/1000xxx/CVE-2018-1000811.json | 136 +++++++-------- 2018/1000xxx/CVE-2018-1000836.json | 136 +++++++-------- 2018/19xxx/CVE-2018-19341.json | 130 +++++++------- 2018/19xxx/CVE-2018-19692.json | 120 ++++++------- 2018/19xxx/CVE-2018-19735.json | 34 ++-- 2018/19xxx/CVE-2018-19908.json | 140 +++++++-------- 2018/19xxx/CVE-2018-19931.json | 150 ++++++++-------- 2018/1xxx/CVE-2018-1242.json | 156 ++++++++--------- 2018/1xxx/CVE-2018-1763.json | 226 ++++++++++++------------ 2018/1xxx/CVE-2018-1941.json | 178 +++++++++---------- 2018/4xxx/CVE-2018-4607.json | 34 ++-- 2018/4xxx/CVE-2018-4833.json | 180 +++++++++---------- 2018/4xxx/CVE-2018-4850.json | 154 ++++++++-------- 2018/4xxx/CVE-2018-4910.json | 140 +++++++-------- 49 files changed, 3172 insertions(+), 3172 deletions(-) diff --git a/2008/0xxx/CVE-2008-0280.json b/2008/0xxx/CVE-2008-0280.json index 47335ec4370..3020507074a 100644 --- a/2008/0xxx/CVE-2008-0280.json +++ b/2008/0xxx/CVE-2008-0280.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080110 MTCMS <=2.0 SQL Injection Vulnerbility", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486090/100/0/threaded" - }, - { - "name" : "4882", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4882" - }, - { - "name" : "27224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27224" - }, - { - "name" : "28428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28428" - }, - { - "name" : "3544", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3544" - }, - { - "name" : "mtcms-a-sql-injection(39597)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28428" + }, + { + "name": "mtcms-a-sql-injection(39597)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39597" + }, + { + "name": "3544", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3544" + }, + { + "name": "27224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27224" + }, + { + "name": "4882", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4882" + }, + { + "name": "20080110 MTCMS <=2.0 SQL Injection Vulnerbility", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486090/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0939.json b/2008/0xxx/CVE-2008-0939.json index 5b7fc54b2fb..2b583f34b95 100644 --- a/2008/0xxx/CVE-2008-0939.json +++ b/2008/0xxx/CVE-2008-0939.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080216 WordPress album PHOTO SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488290" - }, - { - "name" : "5135", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5135" - }, - { - "name" : "http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerabilities/" - }, - { - "name" : "http://me.mywebsight.ws/web/wppa/", - "refsource" : "CONFIRM", - "url" : "http://me.mywebsight.ws/web/wppa/" - }, - { - "name" : "27832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27832" - }, - { - "name" : "ADV-2008-0586", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0586" - }, - { - "name" : "28988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28988" - }, - { - "name" : "3693", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3693" - }, - { - "name" : "photoalbum-index-sql-injection(40599)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0586", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0586" + }, + { + "name": "3693", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3693" + }, + { + "name": "20080216 WordPress album PHOTO SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488290" + }, + { + "name": "27832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27832" + }, + { + "name": "photoalbum-index-sql-injection(40599)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40599" + }, + { + "name": "5135", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5135" + }, + { + "name": "http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerabilities/", + "refsource": "MISC", + "url": "http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerabilities/" + }, + { + "name": "http://me.mywebsight.ws/web/wppa/", + "refsource": "CONFIRM", + "url": "http://me.mywebsight.ws/web/wppa/" + }, + { + "name": "28988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28988" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0953.json b/2008/0xxx/CVE-2008-0953.json index 5c211676f17..ae09a182434 100644 --- a/2008/0xxx/CVE-2008-0953.json +++ b/2008/0xxx/CVE-2008-0953.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2008-0953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf", - "refsource" : "MISC", - "url" : "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf" - }, - { - "name" : "HPSBMA02326", - "refsource" : "HP", - "url" : "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" - }, - { - "name" : "SSRT071490", - "refsource" : "HP", - "url" : "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" - }, - { - "name" : "VU#998779", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/998779" - }, - { - "name" : "29526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29526" - }, - { - "name" : "29533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29533" - }, - { - "name" : "ADV-2008-1740", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1740/references" - }, - { - "name" : "1020165", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020165" - }, - { - "name" : "30516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30516" - }, - { - "name" : "hp-instantsupport-startapp-code-execution(42851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30516" + }, + { + "name": "HPSBMA02326", + "refsource": "HP", + "url": "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" + }, + { + "name": "29533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29533" + }, + { + "name": "29526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29526" + }, + { + "name": "ADV-2008-1740", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1740/references" + }, + { + "name": "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf", + "refsource": "MISC", + "url": "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf" + }, + { + "name": "VU#998779", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/998779" + }, + { + "name": "hp-instantsupport-startapp-code-execution(42851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42851" + }, + { + "name": "1020165", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020165" + }, + { + "name": "SSRT071490", + "refsource": "HP", + "url": "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1572.json b/2008/1xxx/CVE-2008-1572.json index 07b0c91e6e4..b5a7a8cff84 100644 --- a/2008/1xxx/CVE-2008-1572.json +++ b/2008/1xxx/CVE-2008-1572.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2008-05-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" - }, - { - "name" : "TA08-150A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" - }, - { - "name" : "29412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29412" - }, - { - "name" : "29521", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29521" - }, - { - "name" : "ADV-2008-1697", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1697" - }, - { - "name" : "1020141", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020141" - }, - { - "name" : "30430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30430" - }, - { - "name" : "macosx-imagecapture-symlink(42719)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020141", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020141" + }, + { + "name": "macosx-imagecapture-symlink(42719)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42719" + }, + { + "name": "TA08-150A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" + }, + { + "name": "30430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30430" + }, + { + "name": "APPLE-SA-2008-05-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" + }, + { + "name": "ADV-2008-1697", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1697" + }, + { + "name": "29521", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29521" + }, + { + "name": "29412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29412" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3776.json b/2008/3xxx/CVE-2008-3776.json index f3e028e0221..b5beb96a800 100644 --- a/2008/3xxx/CVE-2008-3776.json +++ b/2008/3xxx/CVE-2008-3776.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080821 Fujitsu Web-Based Admin View Directory Traversal Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2008/Aug/0411.html" - }, - { - "name" : "30780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30780" - }, - { - "name" : "1020726", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020726" - }, - { - "name" : "fujitsu-webbasedadminview-dir-traversal(44602)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30780" + }, + { + "name": "fujitsu-webbasedadminview-dir-traversal(44602)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44602" + }, + { + "name": "20080821 Fujitsu Web-Based Admin View Directory Traversal Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2008/Aug/0411.html" + }, + { + "name": "1020726", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020726" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4649.json b/2008/4xxx/CVE-2008-4649.json index 08912ab94ec..7adc5e5a6fb 100644 --- a/2008/4xxx/CVE-2008-4649.json +++ b/2008/4xxx/CVE-2008-4649.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0810-exploits/elxis-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0810-exploits/elxis-xss.txt" - }, - { - "name" : "31764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31764" - }, - { - "name" : "elxis-phpsessid-session-hijacking(45868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "elxis-phpsessid-session-hijacking(45868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45868" + }, + { + "name": "http://packetstormsecurity.org/0810-exploits/elxis-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0810-exploits/elxis-xss.txt" + }, + { + "name": "31764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31764" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4816.json b/2008/4xxx/CVE-2008-4816.json index 8bda6b51792..701bddbdbed 100644 --- a/2008/4xxx/CVE-2008-4816.json +++ b/2008/4xxx/CVE-2008-4816.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-19.html" - }, - { - "name" : "SUSE-SR:2008:026", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" - }, - { - "name" : "TA08-309A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-309A.html" - }, - { - "name" : "1021140", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021140" - }, - { - "name" : "ADV-2008-3001", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3001" - }, - { - "name" : "32872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32872" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-19.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html" + }, + { + "name": "TA08-309A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html" + }, + { + "name": "1021140", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021140" + }, + { + "name": "ADV-2008-3001", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3001" + }, + { + "name": "SUSE-SR:2008:026", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2364.json b/2013/2xxx/CVE-2013-2364.json index df9b52e0a86..13c6294271a 100644 --- a/2013/2xxx/CVE-2013-2364.json +++ b/2013/2xxx/CVE-2013-2364.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02900", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - }, - { - "name" : "SSRT101151", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101151", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + }, + { + "name": "HPSBMU02900", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2423.json b/2013/2xxx/CVE-2013-2423.json index f5cc7b21c43..28fd7af025a 100644 --- a/2013/2xxx/CVE-2013-2423.json +++ b/2013/2xxx/CVE-2013-2423.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24976", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24976" - }, - { - "name" : "http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html", - "refsource" : "MISC", - "url" : "http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html" - }, - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f" - }, - { - "name" : "http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0", - "refsource" : "MISC", - "url" : "http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952398", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952398" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "MDVSA-2013:161", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" - }, - { - "name" : "RHSA-2013:0752", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html" - }, - { - "name" : "RHSA-2013:0757", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" - }, - { - "name" : "openSUSE-SU-2013:0964", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" - }, - { - "name" : "USN-1806-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1806-1" - }, - { - "name" : "TA13-107A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" - }, - { - "name" : "oval:org.mitre.oval:def:16700", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0", + "refsource": "MISC", + "url": "http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0" + }, + { + "name": "TA13-107A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" + }, + { + "name": "RHSA-2013:0757", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f" + }, + { + "name": "24976", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24976" + }, + { + "name": "MDVSA-2013:161", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" + }, + { + "name": "openSUSE-SU-2013:0964", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" + }, + { + "name": "RHSA-2013:0752", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html" + }, + { + "name": "USN-1806-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1806-1" + }, + { + "name": "http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html", + "refsource": "MISC", + "url": "http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=952398", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952398" + }, + { + "name": "oval:org.mitre.oval:def:16700", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2746.json b/2013/2xxx/CVE-2013-2746.json index d2af157e75d..6707ea7aa6e 100644 --- a/2013/2xxx/CVE-2013-2746.json +++ b/2013/2xxx/CVE-2013-2746.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2746", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2746", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3501.json b/2013/3xxx/CVE-2013-3501.json index af53de847aa..2bd9d8a964f 100644 --- a/2013/3xxx/CVE-2013-3501.json +++ b/2013/3xxx/CVE-2013-3501.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the foundation-webapp/admin/ directory, (2) the NeDi component, or (3) the Noma component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls", - "refsource" : "MISC", - "url" : "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt" - }, - { - "name" : "VU#345260", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/345260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the foundation-webapp/admin/ directory, (2) the NeDi component, or (3) the Noma component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls", + "refsource": "MISC", + "url": "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt" + }, + { + "name": "VU#345260", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/345260" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3637.json b/2013/3xxx/CVE-2013-3637.json index b4e6b3d8e5f..59e93c47f04 100644 --- a/2013/3xxx/CVE-2013-3637.json +++ b/2013/3xxx/CVE-2013-3637.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3637", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3637", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6041.json b/2013/6xxx/CVE-2013-6041.json index 7a92c433e3f..bc556f42a02 100644 --- a/2013/6xxx/CVE-2013-6041.json +++ b/2013/6xxx/CVE-2013-6041.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-(DS-2013-007)", - "refsource" : "MISC", - "url" : "https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-(DS-2013-007)" - }, - { - "name" : "http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched", - "refsource" : "CONFIRM", - "url" : "http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-(DS-2013-007)", + "refsource": "MISC", + "url": "https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-(DS-2013-007)" + }, + { + "name": "http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched", + "refsource": "CONFIRM", + "url": "http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6127.json b/2013/6xxx/CVE-2013-6127.json index 3b65a8ecc5d..c8c9b522215 100644 --- a/2013/6xxx/CVE-2013-6127.json +++ b/2013/6xxx/CVE-2013-6127.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-6127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28084", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/28084/" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28084", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/28084/" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6161.json b/2013/6xxx/CVE-2013-6161.json index 89ac3f68524..9a0b0bb15c4 100644 --- a/2013/6xxx/CVE-2013-6161.json +++ b/2013/6xxx/CVE-2013-6161.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6161", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6161", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6179.json b/2013/6xxx/CVE-2013-6179.json index 74c9ce74c4c..4188159bb4e 100644 --- a/2013/6xxx/CVE-2013-6179.json +++ b/2013/6xxx/CVE-2013-6179.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6179", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6179", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6472.json b/2013/6xxx/CVE-2013-6472.json index 4e3142efe21..6356aa3846b 100644 --- a/2013/6xxx/CVE-2013-6472.json +++ b/2013/6xxx/CVE-2013-6472.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7014.json b/2013/7xxx/CVE-2013-7014.json index 09bae4150e7..81613183709 100644 --- a/2013/7xxx/CVE-2013-7014.json +++ b/2013/7xxx/CVE-2013-7014.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/11/26/7" - }, - { - "name" : "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/12/08/3" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07" - }, - { - "name" : "https://trac.ffmpeg.org/ticket/2919", - "refsource" : "CONFIRM", - "url" : "https://trac.ffmpeg.org/ticket/2919" - }, - { - "name" : "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11", - "refsource" : "CONFIRM", - "url" : "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11" - }, - { - "name" : "DSA-2855", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2855" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2855", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2855" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + }, + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/12/08/3" + }, + { + "name": "https://trac.ffmpeg.org/ticket/2919", + "refsource": "CONFIRM", + "url": "https://trac.ffmpeg.org/ticket/2919" + }, + { + "name": "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11", + "refsource": "CONFIRM", + "url": "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11" + }, + { + "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/11/26/7" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7157.json b/2013/7xxx/CVE-2013-7157.json index c6000e65430..53b3823b3d2 100644 --- a/2013/7xxx/CVE-2013-7157.json +++ b/2013/7xxx/CVE-2013-7157.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7157", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7157", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7308.json b/2013/7xxx/CVE-2013-7308.json index 1a2f22333a9..5243cbda4db 100644 --- a/2013/7xxx/CVE-2013-7308.json +++ b/2013/7xxx/CVE-2013-7308.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/BLUU-985QRV", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/BLUU-985QRV" - }, - { - "name" : "VU#229804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/229804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/BLUU-985QRV", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/BLUU-985QRV" + }, + { + "name": "VU#229804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/229804" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10006.json b/2017/10xxx/CVE-2017-10006.json index 96efc71fa2f..12ee2fd0728 100644 --- a/2017/10xxx/CVE-2017-10006.json +++ b/2017/10xxx/CVE-2017-10006.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Private Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.0.0" - }, - { - "version_affected" : "=", - "version_value" : "2.0.1" - }, - { - "version_affected" : "=", - "version_value" : "2.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Private Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + }, + { + "version_affected": "=", + "version_value": "2.2.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99716" - }, - { - "name" : "1038934", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038934", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038934" + }, + { + "name": "99716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99716" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10535.json b/2017/10xxx/CVE-2017-10535.json index 8fff82146eb..e71995b4dbd 100644 --- a/2017/10xxx/CVE-2017-10535.json +++ b/2017/10xxx/CVE-2017-10535.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10535", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10535", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14139.json b/2017/14xxx/CVE-2017-14139.json index c417f4263f0..f9178d1cff0 100644 --- a/2017/14xxx/CVE-2017-14139.json +++ b/2017/14xxx/CVE-2017-14139.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/578", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/578" - }, - { - "name" : "GLSA-201711-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-07" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201711-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-07" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/578", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/578" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14236.json b/2017/14xxx/CVE-2017-14236.json index ec29c09126e..5e42ffd716a 100644 --- a/2017/14xxx/CVE-2017-14236.json +++ b/2017/14xxx/CVE-2017-14236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14236", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14236", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14978.json b/2017/14xxx/CVE-2017-14978.json index ad8c6df2271..d868aab0aa1 100644 --- a/2017/14xxx/CVE-2017-14978.json +++ b/2017/14xxx/CVE-2017-14978.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14978", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14978", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17513.json b/2017/17xxx/CVE-2017-17513.json index 8ed5df80a5e..7746c85a6d8 100644 --- a/2017/17xxx/CVE-2017-17513.json +++ b/2017/17xxx/CVE-2017-17513.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2017-17513", - "refsource" : "MISC", - "url" : "https://security-tracker.debian.org/tracker/CVE-2017-17513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-tracker.debian.org/tracker/CVE-2017-17513", + "refsource": "MISC", + "url": "https://security-tracker.debian.org/tracker/CVE-2017-17513" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17575.json b/2017/17xxx/CVE-2017-17575.json index 6c1b1c5e898..5a08049ad07 100644 --- a/2017/17xxx/CVE-2017-17575.json +++ b/2017/17xxx/CVE-2017-17575.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43253", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43253/" - }, - { - "name" : "https://packetstormsecurity.com/files/145315/FS-Groupon-Clone-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145315/FS-Groupon-Clone-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145315/FS-Groupon-Clone-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145315/FS-Groupon-Clone-1.0-SQL-Injection.html" + }, + { + "name": "43253", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43253/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17757.json b/2017/17xxx/CVE-2017-17757.json index 668141a7fef..1813b486c54 100644 --- a/2017/17xxx/CVE-2017-17757.json +++ b/2017/17xxx/CVE-2017-17757.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt", - "refsource" : "MISC", - "url" : "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt", + "refsource": "MISC", + "url": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9186.json b/2017/9xxx/CVE-2017-9186.json index 3fd47c6678b..f2aae13f89f 100644 --- a/2017/9xxx/CVE-2017-9186.json +++ b/2017/9xxx/CVE-2017-9186.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in input-bmp.c:326:17." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in input-bmp.c:326:17." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9509.json b/2017/9xxx/CVE-2017-9509.json index af3675501c5..bbbfa71d492 100644 --- a/2017/9xxx/CVE-2017-9509.json +++ b/2017/9xxx/CVE-2017-9509.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2017-07-17T00:00:00", - "ID" : "CVE-2017-9509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlassian Crucible", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2017-07-17T00:00:00", + "ID": "CVE-2017-9509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlassian Crucible", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8046", - "refsource" : "MISC", - "url" : "https://jira.atlassian.com/browse/CRUC-8046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/CRUC-8046", + "refsource": "MISC", + "url": "https://jira.atlassian.com/browse/CRUC-8046" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9742.json b/2017/9xxx/CVE-2017-9742.json index 94ad0042a58..3ba6fcc1122 100644 --- a/2017/9xxx/CVE-2017-9742.json +++ b/2017/9xxx/CVE-2017-9742.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42203", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42203/" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21576", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21576" - }, - { - "name" : "GLSA-201709-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-02" - }, - { - "name" : "99105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21576", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21576" + }, + { + "name": "GLSA-201709-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-02" + }, + { + "name": "99105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99105" + }, + { + "name": "42203", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42203/" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0344.json b/2018/0xxx/CVE-2018-0344.json index 7e13943ecdd..8b26ed92d3e 100644 --- a/2018/0xxx/CVE-2018-0344.json +++ b/2018/0xxx/CVE-2018-0344.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco SD-WAN Solution unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco SD-WAN Solution unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69974." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco SD-WAN Solution unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco SD-WAN Solution unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject" - }, - { - "name" : "104868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69974." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject" + }, + { + "name": "104868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104868" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0527.json b/2018/0xxx/CVE-2018-0527.json index 2772d9e228e..7b15c5ac891 100644 --- a/2018/0xxx/CVE-2018-0527.json +++ b/2018/0xxx/CVE-2018-0527.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Office", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0 to 10.7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Office", + "version": { + "version_data": [ + { + "version_value": "10.0.0 to 10.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/10029", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/10029" - }, - { - "name" : "JVN#51737843", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN51737843/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.cybozu.com/ja-jp/article/10029", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/10029" + }, + { + "name": "JVN#51737843", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN51737843/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0956.json b/2018/0xxx/CVE-2018-0956.json index 1e43c3b0320..7fd16277010 100644 --- a/2018/0xxx/CVE-2018-0956.json +++ b/2018/0xxx/CVE-2018-0956.json @@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-0956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1511 for 32-bit Systems" - }, - { - "version_value" : "Version 1511 for x64-based Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka \"HTTP.sys Denial of Service Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1511 for 32-bit Systems" + }, + { + "version_value": "Version 1511 for x64-based Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0956", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0956" - }, - { - "name" : "103650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103650" - }, - { - "name" : "1040661", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka \"HTTP.sys Denial of Service Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0956", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0956" + }, + { + "name": "103650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103650" + }, + { + "name": "1040661", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040661" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000189.json b/2018/1000xxx/CVE-2018-1000189.json index d6d496b62f4..d265964eb78 100644 --- a/2018/1000xxx/CVE-2018-1000189.json +++ b/2018/1000xxx/CVE-2018-1000189.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-05T12:46:01.945520", - "DATE_REQUESTED" : "2018-06-05T00:00:00", - "ID" : "CVE-2018-1000189", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Absint Astrée Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.5 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-05T12:46:01.945520", + "DATE_REQUESTED": "2018-06-05T00:00:00", + "ID": "CVE-2018-1000189", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-807", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-807", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-807" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000811.json b/2018/1000xxx/CVE-2018-1000811.json index 1130f1ad0eb..7a874781ba4 100644 --- a/2018/1000xxx/CVE-2018-1000811.json +++ b/2018/1000xxx/CVE-2018-1000811.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.452834", - "DATE_REQUESTED" : "2018-10-04T17:36:25", - "ID" : "CVE-2018-1000811", - "REQUESTER" : "bousalman@protonmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "bludit", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "bludit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "\tUnrestricted Upload of File with Dangerous Type" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.452834", + "DATE_REQUESTED": "2018-10-04T17:36:25", + "ID": "CVE-2018-1000811", + "REQUESTER": "bousalman@protonmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46060", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46060/" - }, - { - "name" : "https://github.com/bludit/bludit/issues/812", - "refsource" : "MISC", - "url" : "https://github.com/bludit/bludit/issues/812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46060", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46060/" + }, + { + "name": "https://github.com/bludit/bludit/issues/812", + "refsource": "MISC", + "url": "https://github.com/bludit/bludit/issues/812" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000836.json b/2018/1000xxx/CVE-2018-1000836.json index 0c2d678aea8..0e5b78ed80d 100644 --- a/2018/1000xxx/CVE-2018-1000836.json +++ b/2018/1000xxx/CVE-2018-1000836.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.472275", - "DATE_REQUESTED" : "2018-10-28T04:26:29", - "ID" : "CVE-2018-1000836", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "bw-calendar-engine", - "version" : { - "version_data" : [ - { - "version_value" : "<= bw-calendar-engine-3.12.0 " - } - ] - } - } - ] - }, - "vendor_name" : "bw-calendar-engine" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the Middle or malicious server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.472275", + "DATE_REQUESTED": "2018-10-28T04:26:29", + "ID": "CVE-2018-1000836", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/10/28/bw-calendar-engine-XXE-MitM/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/10/28/bw-calendar-engine-XXE-MitM/" - }, - { - "name" : "https://github.com/Bedework/bw-calendar-engine/issues/3", - "refsource" : "MISC", - "url" : "https://github.com/Bedework/bw-calendar-engine/issues/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the Middle or malicious server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Bedework/bw-calendar-engine/issues/3", + "refsource": "MISC", + "url": "https://github.com/Bedework/bw-calendar-engine/issues/3" + }, + { + "name": "https://0dd.zone/2018/10/28/bw-calendar-engine-XXE-MitM/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/10/28/bw-calendar-engine-XXE-MitM/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19341.json b/2018/19xxx/CVE-2018-19341.json index 4615b899d1e..6820bc815eb 100644 --- a/2018/19xxx/CVE-2018-19341.json +++ b/2018/19xxx/CVE-2018-19341.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The u3d plugin 9.3.0.10809 (aka plugins\\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a \"Read Access Violation near NULL starting at FoxitReader!std::basic_ostream >::operator<<+0x0000000000087906\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html", - "refsource" : "MISC", - "url" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html" - }, - { - "name" : "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/", - "refsource" : "MISC", - "url" : "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The u3d plugin 9.3.0.10809 (aka plugins\\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a \"Read Access Violation near NULL starting at FoxitReader!std::basic_ostream >::operator<<+0x0000000000087906\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html", + "refsource": "MISC", + "url": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html" + }, + { + "name": "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/", + "refsource": "MISC", + "url": "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19692.json b/2018/19xxx/CVE-2018-19692.json index 096f2abe123..45de06b2440 100644 --- a/2018/19xxx/CVE-2018-19692.json +++ b/2018/19xxx/CVE-2018-19692.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fmsdwifull/tp5cms/issues/5", - "refsource" : "MISC", - "url" : "https://github.com/fmsdwifull/tp5cms/issues/5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fmsdwifull/tp5cms/issues/5", + "refsource": "MISC", + "url": "https://github.com/fmsdwifull/tp5cms/issues/5" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19735.json b/2018/19xxx/CVE-2018-19735.json index f60b9f8889d..e44d446e8ed 100644 --- a/2018/19xxx/CVE-2018-19735.json +++ b/2018/19xxx/CVE-2018-19735.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19735", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19735", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19908.json b/2018/19xxx/CVE-2018-19908.json index a3d41997ffa..cfb139abfed 100644 --- a/2018/19xxx/CVE-2018-19908.json +++ b/2018/19xxx/CVE-2018-19908.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46401", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46401/" - }, - { - "name" : "https://github.com/MISP/MISP/commit/211ac0737281b65e7da160f0aac52f401a94e1a3", - "refsource" : "MISC", - "url" : "https://github.com/MISP/MISP/commit/211ac0737281b65e7da160f0aac52f401a94e1a3" - }, - { - "name" : "https://github.com/MISP/MISP/releases/tag/v2.4.99", - "refsource" : "MISC", - "url" : "https://github.com/MISP/MISP/releases/tag/v2.4.99" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MISP/MISP/commit/211ac0737281b65e7da160f0aac52f401a94e1a3", + "refsource": "MISC", + "url": "https://github.com/MISP/MISP/commit/211ac0737281b65e7da160f0aac52f401a94e1a3" + }, + { + "name": "https://github.com/MISP/MISP/releases/tag/v2.4.99", + "refsource": "MISC", + "url": "https://github.com/MISP/MISP/releases/tag/v2.4.99" + }, + { + "name": "46401", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46401/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19931.json b/2018/19xxx/CVE-2018-19931.json index 4db59f9e8ed..dbc247e7dae 100644 --- a/2018/19xxx/CVE-2018-19931.json +++ b/2018/19xxx/CVE-2018-19931.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23942", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23942" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190221-0004/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190221-0004/" - }, - { - "name" : "106144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23942", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23942" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07", + "refsource": "MISC", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190221-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190221-0004/" + }, + { + "name": "106144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106144" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1242.json b/2018/1xxx/CVE-2018-1242.json index 75b906f8e0f..154d51223bc 100644 --- a/2018/1xxx/CVE-2018-1242.json +++ b/2018/1xxx/CVE-2018-1242.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-05-22T04:00:00.000Z", - "ID" : "CVE-2018-1242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dell EMC RecoverPoint", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "5.1.2" - } - ] - } - }, - { - "product_name" : "Dell EMC RecoverPoint Virtual Machine (VM)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "5.1.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-05-22T04:00:00.000Z", + "ID": "CVE-2018-1242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dell EMC RecoverPoint", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "5.1.2" + } + ] + } + }, + { + "product_name": "Dell EMC RecoverPoint Virtual Machine (VM)", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "5.1.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180522 DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/61" - }, - { - "name" : "104246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180522 DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/61" + }, + { + "name": "104246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104246" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1763.json b/2018/1xxx/CVE-2018-1763.json index a510a1cf0b6..d70506cedd0 100644 --- a/2018/1xxx/CVE-2018-1763.json +++ b/2018/1xxx/CVE-2018-1763.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-03-08T00:00:00", - "ID" : "CVE-2018-1763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148617." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-03-08T00:00:00", + "ID": "CVE-2018-1763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318" - }, - { - "name" : "ibm-rqm-cve20181763-xss(148617)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148617." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875318", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318" + }, + { + "name": "ibm-rqm-cve20181763-xss(148617)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148617" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1941.json b/2018/1xxx/CVE-2018-1941.json index 93e3468ab8b..89a85d23167 100644 --- a/2018/1xxx/CVE-2018-1941.json +++ b/2018/1xxx/CVE-2018-1941.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-03T00:00:00", - "ID" : "CVE-2018-1941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Campaign", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.2" - }, - { - "version_value" : "9.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "L", - "AV" : "L", - "C" : "H", - "I" : "H", - "PR" : "N", - "S" : "U", - "SCORE" : "8.400", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-12-03T00:00:00", + "ID": "CVE-2018-1941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Campaign", + "version": { + "version_data": [ + { + "version_value": "9.1.2" + }, + { + "version_value": "9.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10743115", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10743115" - }, - { - "name" : "ibm-campaign-cve20181941-priv-escalation(153382)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "AV": "L", + "C": "H", + "I": "H", + "PR": "N", + "S": "U", + "SCORE": "8.400", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10743115", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10743115" + }, + { + "name": "ibm-campaign-cve20181941-priv-escalation(153382)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153382" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4607.json b/2018/4xxx/CVE-2018-4607.json index 1ec5b2785dc..e5ac5ac4d83 100644 --- a/2018/4xxx/CVE-2018-4607.json +++ b/2018/4xxx/CVE-2018-4607.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4607", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4607", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4833.json b/2018/4xxx/CVE-2018-4833.json index 4b6d4b0859d..f99d820e609 100644 --- a/2018/4xxx/CVE-2018-4833.json +++ b/2018/4xxx/CVE-2018-4833.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-06-12T00:00:00", - "ID" : "CVE-2018-4833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RFID 181-EIP, RUGGEDCOM WiMAX, SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X-204RNA, SCALANCE X-300, SCALANCE X408, SCALANCE X414, SIMATIC RF182C", - "version" : { - "version_data" : [ - { - "version_value" : "RFID 181-EIP : All versions" - }, - { - "version_value" : "RUGGEDCOM WiMAX : V4.4 and V4.5" - }, - { - "version_value" : "SCALANCE X-200 : All versions < V5.2.3" - }, - { - "version_value" : "SCALANCE X-200 IRT : All versions < V5.4.1" - }, - { - "version_value" : "SCALANCE X-204RNA : All versions" - }, - { - "version_value" : "SCALANCE X-300 : All versions" - }, - { - "version_value" : "SCALANCE X408 : All versions" - }, - { - "version_value" : "SCALANCE X414 : All versions" - }, - { - "version_value" : "SIMATIC RF182C : All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM WiMAX (V4.4 and V4.5), SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X-204RNA (All versions), SCALANCE X-300 (All versions), SCALANCE X408 (All versions), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122: Heap-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-06-12T00:00:00", + "ID": "CVE-2018-4833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RFID 181-EIP, RUGGEDCOM WiMAX, SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X-204RNA, SCALANCE X-300, SCALANCE X408, SCALANCE X414, SIMATIC RF182C", + "version": { + "version_data": [ + { + "version_value": "RFID 181-EIP : All versions" + }, + { + "version_value": "RUGGEDCOM WiMAX : V4.4 and V4.5" + }, + { + "version_value": "SCALANCE X-200 : All versions < V5.2.3" + }, + { + "version_value": "SCALANCE X-200 IRT : All versions < V5.4.1" + }, + { + "version_value": "SCALANCE X-204RNA : All versions" + }, + { + "version_value": "SCALANCE X-300 : All versions" + }, + { + "version_value": "SCALANCE X408 : All versions" + }, + { + "version_value": "SCALANCE X414 : All versions" + }, + { + "version_value": "SIMATIC RF182C : All versions" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf" - }, - { - "name" : "104482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM WiMAX (V4.4 and V4.5), SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X-204RNA (All versions), SCALANCE X-300 (All versions), SCALANCE X408 (All versions), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf" + }, + { + "name": "104482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104482" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4850.json b/2018/4xxx/CVE-2018-4850.json index d09a801c031..3e03f9a4a6f 100644 --- a/2018/4xxx/CVE-2018-4850.json +++ b/2018/4xxx/CVE-2018-4850.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-05-15T00:00:00", - "ID" : "CVE-2018-4850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below, SIMATIC S7-400 (incl. F) CPU hardware version 5.0, SIMATIC S7-400H CPU hardware version 4.5 and below", - "version" : { - "version_data" : [ - { - "version_value" : "SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below : All versions" - }, - { - "version_value" : "SIMATIC S7-400 (incl. F) CPU hardware version 5.0 : All firmware versions < V5.2" - }, - { - "version_value" : "SIMATIC S7-400H CPU hardware version 4.5 and below : All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20: Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-05-15T00:00:00", + "ID": "CVE-2018-4850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below, SIMATIC S7-400 (incl. F) CPU hardware version 5.0, SIMATIC S7-400H CPU hardware version 4.5 and below", + "version": { + "version_data": [ + { + "version_value": "SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below : All versions" + }, + { + "version_value": "SIMATIC S7-400 (incl. F) CPU hardware version 5.0 : All firmware versions < V5.2" + }, + { + "version_value": "SIMATIC S7-400H CPU hardware version 4.5 and below : All versions" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf" - }, - { - "name" : "https://www.siemens.com/global/en/home/products/services/cert.html#SecurityPublications", - "refsource" : "CONFIRM", - "url" : "https://www.siemens.com/global/en/home/products/services/cert.html#SecurityPublications" - }, - { - "name" : "104217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf" + }, + { + "name": "104217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104217" + }, + { + "name": "https://www.siemens.com/global/en/home/products/services/cert.html#SecurityPublications", + "refsource": "CONFIRM", + "url": "https://www.siemens.com/global/en/home/products/services/cert.html#SecurityPublications" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4910.json b/2018/4xxx/CVE-2018-4910.json index 70a51b9eff1..cfce2e8b050 100644 --- a/2018/4xxx/CVE-2018-4910.json +++ b/2018/4xxx/CVE-2018-4910.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "name" : "102992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102992" - }, - { - "name" : "1040364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" + }, + { + "name": "102992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102992" + }, + { + "name": "1040364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040364" + } + ] + } +} \ No newline at end of file