diff --git a/2008/0xxx/CVE-2008-0032.json b/2008/0xxx/CVE-2008-0032.json
index 9ca48a82866..f52a17d7314 100644
--- a/2008/0xxx/CVE-2008-0032.json
+++ b/2008/0xxx/CVE-2008-0032.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080115 Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642" - }, - { - "name" : "APPLE-SA-2008-01-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307301", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307301" - }, - { - "name" : "TA08-016A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-016A.html" - }, - { - "name" : "27301", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/27301" - }, - { - "name" : "ADV-2008-0148", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0148" - }, - { - "name" : "1019221", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019221" - }, - { - "name" : "28502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28502" - }, - { - "name" : "quicktime-macintosh-code-execution(39696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28502" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307301", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307301" + }, + { + "name": "quicktime-macintosh-code-execution(39696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39696" + }, + { + "name": "TA08-016A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html" + }, + { + "name": "APPLE-SA-2008-01-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html" + }, + { + "name": "27301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27301" + }, + { + "name": "ADV-2008-0148", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2008/0148" + }, + { + "name": "20080115 Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642" + }, + { + "name": "1019221", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019221" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0164.json b/2008/0xxx/CVE-2008-0164.json index b0628db6bf4..96b6228cfa9 100644 --- a/2008/0xxx/CVE-2008-0164.json +++ b/2008/0xxx/CVE-2008-0164.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080313 PR08-02: Plone CMS Security Research - the Art of Plowning", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489544/100/0/threaded" - }, - { - "name" : "http://plone.org/about/security/advisories/cve-2008-0164", - "refsource" : "MISC", - "url" : "http://plone.org/about/security/advisories/cve-2008-0164" - }, - { - "name" : "http://www.procheckup.com/Hacking_Plone_CMS.pdf", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/Hacking_Plone_CMS.pdf" - }, - { - "name" : "29361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29361" - }, - { - "name" : "3754", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/3754" - }, - { - "name" : "plone-joinform-csrf(41263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3754", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3754" + }, + { + "name": "29361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29361" + }, + { + "name": "20080313 PR08-02: Plone CMS Security Research - the Art of Plowning", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489544/100/0/threaded" + }, + { + "name": "http://www.procheckup.com/Hacking_Plone_CMS.pdf", + "refsource": "MISC", + "url": "http://www.procheckup.com/Hacking_Plone_CMS.pdf" + }, + { + "name": "http://plone.org/about/security/advisories/cve-2008-0164", + "refsource": "MISC", + "url": "http://plone.org/about/security/advisories/cve-2008-0164" + }, + { + "name": "plone-joinform-csrf(41263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41263" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0204.json b/2008/0xxx/CVE-2008-0204.json index 80b26d0e652..fbf8bf8483b 100644 --- a/2008/0xxx/CVE-2008-0204.json +++ b/2008/0xxx/CVE-2008-0204.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485786/100/0/threaded" - }, - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" - }, - { - "name" : "http://websecurity.com.ua/1576/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/1576/" - }, - { - "name" : "3539", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3539" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" + }, + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" + }, + { + "name": "http://websecurity.com.ua/1576/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/1576/" + }, + { + "name": "3539", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3539" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0323.json b/2008/0xxx/CVE-2008-0323.json index 84019b99d19..f4bf3f717a8 100644 --- a/2008/0xxx/CVE-2008-0323.json +++ b/2008/0xxx/CVE-2008-0323.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0323", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0323", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0601.json b/2008/0xxx/CVE-2008-0601.json index f17fb4d4257..3231d9e619f 100644 --- a/2008/0xxx/CVE-2008-0601.json +++ b/2008/0xxx/CVE-2008-0601.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5064", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5064" - }, - { - "name" : "27624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5064", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5064" + }, + { + "name": "27624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27624" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0782.json b/2008/0xxx/CVE-2008-0782.json index 2a007816833..935aabe6c4b 100644 --- a/2008/0xxx/CVE-2008-0782.json +++ b/2008/0xxx/CVE-2008-0782.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4957", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4957" - }, - { - "name" : "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630" - }, - { - "name" : "DSA-1514", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1514" - }, - { - "name" : "GLSA-200803-27", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml" - }, - { - "name" : "USN-716-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/716-1/" - }, - { - "name" : "20080124 MoinMoin 1.5.x 
MOIND_ID cookie Bug Remote Exploit", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2008-January/001890.html" - }, - { - "name" : "27404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27404" - }, - { - "name" : "ADV-2008-0569", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0569/references" - }, - { - "name" : "29010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29010" - }, - { - "name" : "29262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29262" - }, - { - "name" : "29444", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29444" - }, - { - "name" : "33755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33755" - }, - { - "name" : "moinmoin-readme-file-overwrite(39837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33755" + }, + { + "name": "GLSA-200803-27", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml" + }, + { + "name": "29262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29262" + }, + { + "name": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630" + }, + { + "name": "29010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29010" + }, + { + "name": "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html" + }, + { + "name": "moinmoin-readme-file-overwrite(39837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837" + }, + { + "name": "4957", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4957" + }, + { + "name": "ADV-2008-0569", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0569/references" + }, + { + "name": "29444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29444" + }, + { + "name": "27404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27404" + }, + { + "name": "USN-716-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/716-1/" + }, + { + "name": "DSA-1514", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1514" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0903.json b/2008/0xxx/CVE-2008-0903.json index 2eed934c1b0..47a574313bc 100644 --- a/2008/0xxx/CVE-2008-0903.json +++ b/2008/0xxx/CVE-2008-0903.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA08-199.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/275" - }, - { - "name" : "ADV-2008-0608", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0608/references" - }, - { - "name" : "1019450", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019450" - }, - { - "name" : "29041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the BEA WebLogic Server and Express proxy 
plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA08-199.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/275" + }, + { + "name": "29041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29041" + }, + { + "name": "1019450", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019450" + }, + { + "name": "ADV-2008-0608", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0608/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1024.json b/2008/1xxx/CVE-2008-1024.json index 3df269190a0..a558cdc6634 100644 --- a/2008/1xxx/CVE-2008-1024.json +++ b/2008/1xxx/CVE-2008-1024.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT1467", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT1467" - }, - { - "name" : "APPLE-SA-2008-04-16", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html" - }, - { - "name" : "VU#529441", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/529441" - }, - { - "name" : "28813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28813" - }, - { - "name" : "1019868", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019868" - }, - { - "name" : "ADV-2008-0979", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/0979/references" - }, - { - "name" : "apple-safari-filedownload-code-execution(41864)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT1467", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT1467" + }, + { + "name": "ADV-2008-0979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0979/references" + }, + { + "name": "APPLE-SA-2008-04-16", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html" + }, + { + "name": "VU#529441", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/529441" + }, + { + "name": "apple-safari-filedownload-code-execution(41864)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41864" + }, + { + "name": "28813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28813" + }, + { + "name": "1019868", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019868" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1140.json b/2008/1xxx/CVE-2008-1140.json index fdcb5b4c62c..18544fd8e64 100644 --- a/2008/1xxx/CVE-2008-1140.json +++ b/2008/1xxx/CVE-2008-1140.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\\\.\\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the \"ring0 SYSTEM\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5144", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5144" - }, - { - "name" : "ADV-2008-0597", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0597" - }, - { - "name" : "29005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\\\.\\DLKFDisk_Control that 
overwrites a data structure associated with a mounted pseudo-filesystem, aka the \"ring0 SYSTEM\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5144", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5144" + }, + { + "name": "29005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29005" + }, + { + "name": "ADV-2008-0597", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0597" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1737.json b/2008/1xxx/CVE-2008-1737.json index 68d1605a416..405f2c0e16d 100644 --- a/2008/1xxx/CVE-2008-1737.json +++ b/2008/1xxx/CVE-2008-1737.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080428 CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491405/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/?action=item&id=2249", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=2249" - }, - { - "name" : "http://www.sophos.com/support/knowledgebase/article/37810.html", - "refsource" : "CONFIRM", - "url" : "http://www.sophos.com/support/knowledgebase/article/37810.html" - 
}, - { - "name" : "28743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28743" - }, - { - "name" : "ADV-2008-1381", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1381" - }, - { - "name" : "1019945", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019945" - }, - { - "name" : "29996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29996" - }, - { - "name" : "3838", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3838" - }, - { - "name" : "sophos-ssdt-dos(42083)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29996" + }, + { + "name": "28743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28743" + }, + { + "name": "3838", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3838" + }, + { + "name": "ADV-2008-1381", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1381" + }, + { + "name": "sophos-ssdt-dos(42083)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42083" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=2249", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=2249" + }, + { + "name": "http://www.sophos.com/support/knowledgebase/article/37810.html", + "refsource": "CONFIRM", + "url": "http://www.sophos.com/support/knowledgebase/article/37810.html" + }, + { + "name": "20080428 CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491405/100/0/threaded" + }, + { + "name": "1019945", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019945" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1741.json b/2008/1xxx/CVE-2008-1741.json index f7bba6e70c9..a3f49264670 100644 --- a/2008/1xxx/CVE-2008-1741.json +++ b/2008/1xxx/CVE-2008-1741.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-1741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080514 Cisco Unified Presence Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml" - }, - { - "name" : "29222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29222" - }, - { - "name" : "ADV-2008-1534", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1534" - }, - { - "name" : "1020023", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020023" - }, - { - "name" : "30269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30269" - }, - { - "name" : "cisco-unifiedpresence-sipproxy-dos(42413)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-unifiedpresence-sipproxy-dos(42413)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42413" + }, + { + "name": "20080514 Cisco Unified Presence Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml" + }, + { + "name": "29222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29222" + }, + { + "name": "30269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30269" + }, + { + "name": "ADV-2008-1534", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1534" + }, + { + "name": "1020023", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020023" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1909.json b/2008/1xxx/CVE-2008-1909.json index e221a26d633..0416910fc3d 100644 --- a/2008/1xxx/CVE-2008-1909.json +++ b/2008/1xxx/CVE-2008-1909.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5428", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5428" - }, - { - "name" : "28739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28739" - }, - { - "name" : "29791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29791" - }, - { - "name" : "phpkb-comment-sql-injection(41769)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands 
via the ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5428", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5428" + }, + { + "name": "phpkb-comment-sql-injection(41769)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41769" + }, + { + "name": "29791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29791" + }, + { + "name": "28739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28739" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1974.json b/2008/1xxx/CVE-2008-1974.json index 92b1036d4c5..dbd71575ea1 100644 --- a/2008/1xxx/CVE-2008-1974.json +++ b/2008/1xxx/CVE-2008-1974.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080422 Horde Webmail XSS [Aria-Security]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491230/100/0/threaded" - }, - { - "name" : "[kronolith] 20080427 Kronolith H3 (2.1.8) (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html" - }, - { - "name" : "http://forum.aria-security.com/showthread.php?t=49", - "refsource" : "MISC", - "url" : "http://forum.aria-security.com/showthread.php?t=49" - }, - { - "name" : "DSA-1560", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2008/dsa-1560" - }, - { - "name" : "FEDORA-2008-3460", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html" - }, - { - "name" : "FEDORA-2008-3543", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html" - }, - { - "name" : "28898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28898" - }, - { - "name" : "51238", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51238" - }, - { - "name" : "ADV-2008-1373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1373/references" - }, - { - "name" : "1019934", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019934" - }, - { - "name" : "29920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29920" - }, - { - "name" : "30649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30649" - }, - { - "name" : "3831", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3831" - }, - { - "name" : "horde-webmail-addevent-xss(41974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51238", + "refsource": "OSVDB", + "url": "http://osvdb.org/51238" + }, + { + "name": "FEDORA-2008-3460", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html" + }, + { + "name": "29920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29920" + }, + { + "name": "28898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28898" + }, + { + "name": "30649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30649" + }, + { + "name": "1019934", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019934" + }, + { + "name": "FEDORA-2008-3543", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html" + }, + { + "name": "20080422 Horde Webmail XSS [Aria-Security]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491230/100/0/threaded" + }, + { + "name": "horde-webmail-addevent-xss(41974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41974" + }, + { + "name": "ADV-2008-1373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1373/references" + }, + { + "name": "DSA-1560", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2008/dsa-1560" + }, + { + "name": "3831", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3831" + }, + { + "name": "http://forum.aria-security.com/showthread.php?t=49", + "refsource": "MISC", + "url": "http://forum.aria-security.com/showthread.php?t=49" + }, + { + "name": "[kronolith] 20080427 Kronolith H3 (2.1.8) (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html" + } + ] + } +} 
\ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4650.json b/2008/4xxx/CVE-2008-4650.json index 4dafb003543..cb0767a76f0 100644 --- a/2008/4xxx/CVE-2008-4650.json +++ b/2008/4xxx/CVE-2008-4650.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6760", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6760" - }, - { - "name" : "31773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31773" - }, - { - "name" : "4457", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4457" - }, - { - "name" : "myevent-viewevent-sql-injection(45919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31773" + }, + { + "name": "4457", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4457" + }, + { + "name": "myevent-viewevent-sql-injection(45919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45919" + }, + { + "name": "6760", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6760" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4748.json b/2008/4xxx/CVE-2008-4748.json index 07d34f57f9d..8ded49b65fd 100644 --- a/2008/4xxx/CVE-2008-4748.json +++ b/2008/4xxx/CVE-2008-4748.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6832", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6832" - }, - { - "name" : "31912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31912" - }, - { - "name" : "32410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32410" - }, - { - "name" : "ADV-2008-2926", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2926" - }, - { - "name" : "4508", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4508" - }, - { - "name" : "kvirc-irc-format-string(46114)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/46114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6832", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6832" + }, + { + "name": "31912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31912" + }, + { + "name": "kvirc-irc-format-string(46114)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114" + }, + { + "name": "4508", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4508" + }, + { + "name": "ADV-2008-2926", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2926" + }, + { + "name": "32410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32410" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5447.json b/2008/5xxx/CVE-2008-5447.json index 94db3a3d637..33aaccae4f1 100644 --- a/2008/5xxx/CVE-2008-5447.json +++ b/2008/5xxx/CVE-2008-5447.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-5447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "1021569", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021569" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + }, + { + "name": "1021569", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021569" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5656.json b/2008/5xxx/CVE-2008-5656.json index ef77d62bdba..e211ac802f9 100644 --- a/2008/5xxx/CVE-2008-5656.json +++ b/2008/5xxx/CVE-2008-5656.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/" - }, - { - "name" : "32284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32284" - }, - { - "name" : "typo3-felogin-xss(46591)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 
and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typo3-felogin-xss(46591)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46591" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/" + }, + { + "name": "32284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32284" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5865.json b/2008/5xxx/CVE-2008-5865.json index f264ce29ce2..4182d0834c3 100644 --- a/2008/5xxx/CVE-2008-5865.json +++ b/2008/5xxx/CVE-2008-5865.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7538", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7538" - }, - { - "name" : "32951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32951" - }, - { - "name" : "33215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33215" - }, - { - "name" : "4870", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4870" - }, - { - "name" : "joomlahbs-index-sql-injection(47539)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33215" + }, + { + "name": "4870", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4870" + }, + { + "name": "32951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32951" + }, + { + "name": "joomlahbs-index-sql-injection(47539)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47539" + }, + { + "name": "7538", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7538" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0777.json b/2013/0xxx/CVE-2013-0777.json index 3a77794f831..ef05ba08a39 100644 --- a/2013/0xxx/CVE-2013-0777.json +++ b/2013/0xxx/CVE-2013-0777.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798691", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798691" - }, - { - "name" : "openSUSE-SU-2013:0323", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" - }, - { - "name" : "openSUSE-SU-2013:0324", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" - }, - { - "name" : "USN-1729-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1729-1" - }, - { - "name" : "USN-1729-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1729-2" - }, - { - "name" : "USN-1748-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1748-1" - }, - { - "name" : "oval:org.mitre.oval:def:16977", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=798691", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=798691" + }, + { + "name": "USN-1729-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1729-1" + }, + { + "name": "USN-1729-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1729-2" + }, + { + "name": "USN-1748-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1748-1" + }, + { + "name": "openSUSE-SU-2013:0324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" + }, + { + "name": "openSUSE-SU-2013:0323", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" + }, + { + "name": "oval:org.mitre.oval:def:16977", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16977" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3029.json b/2013/3xxx/CVE-2013-3029.json index 9ab6de157d3..7b99ba8eaad 100644 --- a/2013/3xxx/CVE-2013-3029.json +++ b/2013/3xxx/CVE-2013-3029.json 
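Review bot: The `"ASSIGNER"` value changes from `cve@mitre.org` to `security@mozilla.org` in this hunk, and it is the only change of substance here; it is buried in a whole-file rewrite that also alters colon spacing, reorders `reference_data` and drops the final newline. A consumer that uses the assigner to attribute a record to a CNA would find this hard to spot or audit, so the provenance change would be better carried in a commit separate from the reformatting, with the reference order kept stable. The same pattern appears in the hunks for CVE-2013-3029 (`psirt@us.ibm.com`), CVE-2013-3360 (`psirt@adobe.com`), CVE-2013-3425 (`psirt@cisco.com`), CVE-2013-3601 (`cert@cert.org`), CVE-2013-4547 (`secalert@redhat.com`) and CVE-2013-4800 (`hp-security-alert@hp.com`). Whether the new addresses are the correct assigners cannot be checked from the diff itself.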
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644047", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644047" - }, - { - "name" : "PM88746", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88746" - }, - { - "name" : "was-cve20133029-csrf(84591)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047" + }, + { + "name": "PM88746", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88746" + }, + { + "name": "was-cve20133029-csrf(84591)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84591" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3360.json b/2013/3xxx/CVE-2013-3360.json index 6a38df7d395..4618d42c23a 100644 --- a/2013/3xxx/CVE-2013-3360.json +++ b/2013/3xxx/CVE-2013-3360.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3359." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-3360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-23.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3359." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-23.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-23.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3425.json b/2013/3xxx/CVE-2013-3425.json index 1223434b2a6..8f9a5fc6706 100644 --- a/2013/3xxx/CVE-2013-3425.json +++ b/2013/3xxx/CVE-2013-3425.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130730 Cisco WebEx Information Disclosure through Inconsistent Error Messages Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425" - }, - { - "name" : "95876", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95876" - }, - { - "name" : "cisco-webex-cve20133425-info-disc(86150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Meeting Center component in 
Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130730 Cisco WebEx Information Disclosure through Inconsistent Error Messages Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425" + }, + { + "name": "cisco-webex-cve20133425-info-disc(86150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86150" + }, + { + "name": "95876", + "refsource": "OSVDB", + "url": "http://osvdb.org/95876" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3601.json b/2013/3xxx/CVE-2013-3601.json index 3fdf08faca7..3320323574e 100644 --- a/2013/3xxx/CVE-2013-3601.json +++ b/2013/3xxx/CVE-2013-3601.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#960908", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/960908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#960908", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/960908" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4547.json b/2013/4xxx/CVE-2013-4547.json index 8a6e0e200ea..6e89d30c6c3 100644 --- a/2013/4xxx/CVE-2013-4547.json +++ b/2013/4xxx/CVE-2013-4547.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nginx-announce] 20131119 nginx security advisory (CVE-2013-4547)", - "refsource" : "MLIST", - "url" : "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" - }, - { - "name" : "DSA-2802", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2802" - }, - { - "name" : "openSUSE-SU-2013:1745", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html" - }, - { - "name" : "openSUSE-SU-2013:1791", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html" - }, - { - "name" : "openSUSE-SU-2013:1792", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html" - }, - { - "name" : "SUSE-SU-2013:1895", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html" - }, - { - "name" : "55757", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55757" - }, - { - "name" : "55822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55822" - }, - { - "name" : "55825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55757", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55757" + }, + { + "name": "SUSE-SU-2013:1895", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html" + }, + { + "name": "openSUSE-SU-2013:1745", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html" + }, + { + "name": "55825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55825" + }, + { + "name": "55822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55822" + }, + { + "name": "openSUSE-SU-2013:1792", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html" + }, + { + "name": "openSUSE-SU-2013:1791", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html" + }, + { + "name": "DSA-2802", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2802" + }, + { + "name": "[nginx-announce] 20131119 nginx security advisory (CVE-2013-4547)", + 
"refsource": "MLIST", + "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4763.json b/2013/4xxx/CVE-2013-4763.json index 54fec5b8078..909d5d2bca8 100644 --- a/2013/4xxx/CVE-2013-4763.json +++ b/2013/4xxx/CVE-2013-4763.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4763", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4763", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4777.json b/2013/4xxx/CVE-2013-4777.json index fefa6c25809..636e93ad049 100644 --- a/2013/4xxx/CVE-2013-4777.json +++ b/2013/4xxx/CVE-2013-4777.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J", - "refsource" : "MISC", - "url" : "https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J", + "refsource": "MISC", + "url": "https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4800.json b/2013/4xxx/CVE-2013-4800.json index d806c05651d..f47d5b489ea 100644 --- a/2013/4xxx/CVE-2013-4800.json +++ b/2013/4xxx/CVE-2013-4800.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-13-169", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-13-169" - }, - { - "name" : "http://packetstormsecurity.com/files/123533", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123533" - }, - { - "name" : "HPSBGN02905", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772" - }, - { - "name" : "SSRT101117", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772" - }, - { - "name" : "61446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61446" - }, - { - "name" : "95644", - "refsource" : "OSVDB", - "url" 
: "http://osvdb.org/95644" - }, - { - "name" : "hp-loadrunner-cve20134800-code-exec(85960)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/123533", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123533" + }, + { + "name": "SSRT101117", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772" + }, + { + "name": "hp-loadrunner-cve20134800-code-exec(85960)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85960" + }, + { + "name": "95644", + "refsource": "OSVDB", + "url": "http://osvdb.org/95644" + }, + { + "name": "61446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61446" + }, + { + "name": "HPSBGN02905", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-13-169", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-13-169" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6114.json b/2013/6xxx/CVE-2013-6114.json index 659928b3b30..b636d245633 100644 --- a/2013/6xxx/CVE-2013-6114.json +++ b/2013/6xxx/CVE-2013-6114.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28811", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/28811/" - }, - { - "name" : "http://support.apple.com/kb/HT6041", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28811", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/28811/" + }, + { + "name": "http://support.apple.com/kb/HT6041", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6041" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6234.json b/2013/6xxx/CVE-2013-6234.json index 3e350d94bb9..d4c34e909d6 100644 --- a/2013/6xxx/CVE-2013-6234.json +++ b/2013/6xxx/CVE-2013-6234.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6234", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6234", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7154.json b/2013/7xxx/CVE-2013-7154.json index 47060a3d45c..02a3c03a257 100644 --- a/2013/7xxx/CVE-2013-7154.json +++ b/2013/7xxx/CVE-2013-7154.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7154", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7154", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7304.json b/2013/7xxx/CVE-2013-7304.json index ba2bf194f92..2fe2babe1f9 100644 --- a/2013/7xxx/CVE-2013-7304.json +++ b/2013/7xxx/CVE-2013-7304.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-7304",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-7304",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97784",
- "refsource" : "CONFIRM",
- "url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97784"
- },
- {
- "name" : "65135",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/65135"
- },
- {
- "name" : "1029704",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1029704"
- },
- {
- "name" : "56744",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/56744"
- },
- {
- "name" : "checkpoint-cve20137304-spoofing(90674)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90674"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97784",
+ "refsource": "CONFIRM",
+ "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97784"
+ },
+ {
+ "name": "56744",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/56744"
+ },
+ {
+ "name": "checkpoint-cve20137304-spoofing(90674)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90674"
+ },
+ {
+ "name": "65135",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/65135"
+ },
+ {
+ "name": "1029704",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1029704"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/7xxx/CVE-2013-7448.json b/2013/7xxx/CVE-2013-7448.json
index 8a35859df9f..aeee4fcb886 100644
--- a/2013/7xxx/CVE-2013-7448.json
+++ b/2013/7xxx/CVE-2013-7448.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-7448",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-7448",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20160218 CVE request: didiwiki path traversal vulnerability",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/02/19/4"
- },
- {
- "name" : "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/02/19/5"
- },
- {
- "name" : "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/02/19/6"
- },
- {
- "name" : "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/02/19/7"
- },
- {
- "name" : "https://github.com/OpenedHand/didiwiki/pull/1/files",
- "refsource" : "MISC",
- "url" : "https://github.com/OpenedHand/didiwiki/pull/1/files"
- },
- {
- "name" : "https://github.com/yarolig/didiwiki/commit/5e5c796617e1712905dc5462b94bd5e6c08d15ea",
- "refsource" : "MISC",
- "url" : "https://github.com/yarolig/didiwiki/commit/5e5c796617e1712905dc5462b94bd5e6c08d15ea"
- },
- {
- "name" : "DSA-3485",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2016/dsa-3485"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/02/19/5"
+ },
+ {
+ "name": "https://github.com/yarolig/didiwiki/commit/5e5c796617e1712905dc5462b94bd5e6c08d15ea",
+ "refsource": "MISC",
+ "url": "https://github.com/yarolig/didiwiki/commit/5e5c796617e1712905dc5462b94bd5e6c08d15ea"
+ },
+ {
+ "name": "https://github.com/OpenedHand/didiwiki/pull/1/files",
+ "refsource": "MISC",
+ "url": "https://github.com/OpenedHand/didiwiki/pull/1/files"
+ },
+ {
+ "name": "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/02/19/7"
+ },
+ {
+ "name": "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/02/19/6"
+ },
+ {
+ "name": "[oss-security] 20160218 CVE request: didiwiki path traversal vulnerability",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/02/19/4"
+ },
+ {
+ "name": "DSA-3485",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2016/dsa-3485"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10210.json b/2017/10xxx/CVE-2017-10210.json
index e3d54f479fd..3a9f7f08e55 100644
--- a/2017/10xxx/CVE-2017-10210.json
+++ b/2017/10xxx/CVE-2017-10210.json
@@ -1,73 +1,73 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2017-10210",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Oracle VM VirtualBox",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "5.1.24"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2017-10210",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Oracle VM VirtualBox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.1.24"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
- },
- {
- "name" : "99640",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99640"
- },
- {
- "name" : "1038929",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038929"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "99640",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99640"
+ },
+ {
+ "name": "1038929",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038929"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10276.json b/2017/10xxx/CVE-2017-10276.json
index 27d1b6e8cc3..118edbe46e7 100644
--- a/2017/10xxx/CVE-2017-10276.json
+++ b/2017/10xxx/CVE-2017-10276.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2017-10276",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "MySQL Server",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "5.6.37 and earlier"
- },
- {
- "version_affected" : "=",
- "version_value" : "5.7.19 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2017-10276",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MySQL Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.6.37 and earlier"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.19 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
- },
- {
- "name" : "https://security.netapp.com/advisory/ntap-20171019-0002/",
- "refsource" : "CONFIRM",
- "url" : "https://security.netapp.com/advisory/ntap-20171019-0002/"
- },
- {
- "name" : "RHSA-2017:3265",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3265"
- },
- {
- "name" : "RHSA-2017:3442",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3442"
- },
- {
- "name" : "101441",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/101441"
- },
- {
- "name" : "1039597",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039597"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20171019-0002/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
+ },
+ {
+ "name": "RHSA-2017:3265",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3265"
+ },
+ {
+ "name": "1039597",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039597"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
+ },
+ {
+ "name": "101441",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/101441"
+ },
+ {
+ "name": "RHSA-2017:3442",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3442"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10754.json b/2017/10xxx/CVE-2017-10754.json
index 1c2d75e9a79..08a97d83804 100644
--- a/2017/10xxx/CVE-2017-10754.json
+++ b/2017/10xxx/CVE-2017-10754.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10754",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10754",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754",
- "refsource" : "MISC",
- "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754",
+ "refsource": "MISC",
+ "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10994.json b/2017/10xxx/CVE-2017-10994.json
index 312432a9d4e..4ce8e394120 100644
--- a/2017/10xxx/CVE-2017-10994.json
+++ b/2017/10xxx/CVE-2017-10994.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10994",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10994",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- },
- {
- "name" : "99499",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99499"
- },
- {
- "name" : "1039113",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039113"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "99499",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99499"
+ },
+ {
+ "name": "1039113",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039113"
+ },
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/12xxx/CVE-2017-12272.json b/2017/12xxx/CVE-2017-12272.json
index 835706755fd..a734275d53b 100644
--- a/2017/12xxx/CVE-2017-12272.json
+++ b/2017/12xxx/CVE-2017-12272.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2017-12272",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco IOS XE",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco IOS XE"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvb09516."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-79"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2017-12272",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco IOS XE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco IOS XE"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe"
- },
- {
- "name" : "101494",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/101494"
- },
- {
- "name" : "1039627",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039627"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvb09516."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1039627",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039627"
+ },
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe"
+ },
+ {
+ "name": "101494",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/101494"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/12xxx/CVE-2017-12374.json b/2017/12xxx/CVE-2017-12374.json
index 68ba0e4b64b..3ccb1b06155 100644
--- a/2017/12xxx/CVE-2017-12374.json
+++ b/2017/12xxx/CVE-2017-12374.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2017-12374",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "ClamAV AntiVirus software versions 0.99.2 and prior",
- "version" : {
- "version_data" : [
- {
- "version_value" : "ClamAV AntiVirus software versions 0.99.2 and prior"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "use-after-free"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2017-12374",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ClamAV AntiVirus software versions 0.99.2 and prior",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ClamAV AntiVirus software versions 0.99.2 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html"
- },
- {
- "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html",
- "refsource" : "CONFIRM",
- "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html"
- },
- {
- "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11939",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11939"
- },
- {
- "name" : "USN-3550-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3550-1/"
- },
- {
- "name" : "USN-3550-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3550-2/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "use-after-free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-3550-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3550-1/"
+ },
+ {
+ "name": "USN-3550-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3550-2/"
+ },
+ {
+ "name": "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html"
+ },
+ {
+ "name": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html",
+ "refsource": "CONFIRM",
+ "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html"
+ },
+ {
+ "name": "https://bugzilla.clamav.net/show_bug.cgi?id=11939",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/12xxx/CVE-2017-12586.json b/2017/12xxx/CVE-2017-12586.json
index f92d99b5b60..5871b3ba0f3 100644
--- a/2017/12xxx/CVE-2017-12586.json
+++ b/2017/12xxx/CVE-2017-12586.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/slims/slims8_akasia/issues/48", - "refsource" : "CONFIRM", - "url" : "https://github.com/slims/slims8_akasia/issues/48" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/slims/slims8_akasia/issues/48", + "refsource": "CONFIRM", + "url": "https://github.com/slims/slims8_akasia/issues/48" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13163.json b/2017/13xxx/CVE-2017-13163.json index 09593d56fdc..2cbd84c3866 100644 --- a/2017/13xxx/CVE-2017-13163.json +++ b/2017/13xxx/CVE-2017-13163.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-13163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-13163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13652.json b/2017/13xxx/CVE-2017-13652.json index 20841a1e4e7..cdf30404d8e 100644 --- a/2017/13xxx/CVE-2017-13652.json +++ b/2017/13xxx/CVE-2017-13652.json 
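Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `security@google.com` to `security@android.com` here, while the other changed lines in this hunk differ only in the spacing before the colon. That is a change to the record's provenance field carried inside what otherwise reads as a formatting pass, so it is easy to miss in review; it would be clearer in its own commit or called out in the commit message, which is not visible on this page. Separately, the new side ends with `\ No newline at end of file` (as do the other files in this diff), so the trailing newline the old file had is dropped; keeping it avoids a spurious last-line change in later diffs.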
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2018-07-31T00:00:00", - "ID" : "CVE-2017-13652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2018-07-31T00:00:00", + "ID": "CVE-2017-13652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.netapp.com/advisory/ntap-20180731-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180731-0001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20180731-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180731-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13706.json b/2017/13xxx/CVE-2017-13706.json index 03e36332dd6..90dd7cc6aa9 100644 --- a/2017/13xxx/CVE-2017-13706.json +++ b/2017/13xxx/CVE-2017-13706.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20171007 CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Oct/14" - }, - { - "name" : "http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html" - }, - { - "name" : "https://www.lansweeper.com/changelog.aspx", - "refsource" : "CONFIRM", - "url" : "https://www.lansweeper.com/changelog.aspx" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20171007 CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Oct/14" + }, + { + "name": "https://www.lansweeper.com/changelog.aspx", + "refsource": "CONFIRM", + "url": "https://www.lansweeper.com/changelog.aspx" + }, + { + "name": "http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17044.json b/2017/17xxx/CVE-2017-17044.json index 7864c2c6164..0a5e3ed58c7 100644 --- a/2017/17xxx/CVE-2017-17044.json +++ b/2017/17xxx/CVE-2017-17044.json 
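Review bot: The `reference_data` array is reordered in the same hunk that re-spaces every line (old order FULLDISC, MISC, CONFIRM; new order FULLDISC, CONFIRM, MISC), and the new order follows no visible key: not `name`, `refsource` or `url`. The three entries are unchanged in content, but a reviewer has to match them by hand to confirm nothing was dropped or altered; the same applies to the CVE-2017-17044 and CVE-2017-17501 hunks, where nine and six references are shuffled. If the order comes from the tool that rewrote the file, sorting on a stable key such as `url` before writing would keep future diffs limited to real changes.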
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180105 [SECURITY] [DLA 1230-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html" - }, - { - "name" : "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html" - }, - { - "name" : "https://xenbits.xen.org/xsa/advisory-246.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-246.html" - }, - { - "name" : "https://support.citrix.com/article/CTX230138", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX230138" - }, - { - "name" : 
"GLSA-201801-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-14" - }, - { - "name" : "102008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102008" - }, - { - "name" : "102129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102129" - }, - { - "name" : "105954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105954" - }, - { - "name" : "1039878", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html" + }, + { + "name": "102129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102129" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-246.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-246.html" + }, + { + "name": "[debian-lts-announce] 20180105 [SECURITY] [DLA 1230-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html" + }, + { + "name": "102008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102008" + }, + { + "name": "1039878", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039878" + }, + { + "name": "GLSA-201801-14", + "refsource": "GENTOO", 
+ "url": "https://security.gentoo.org/glsa/201801-14" + }, + { + "name": "105954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105954" + }, + { + "name": "https://support.citrix.com/article/CTX230138", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX230138" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17293.json b/2017/17xxx/CVE-2017-17293.json index 18e29e4ff7b..351f6dfc1c0 100644 --- a/2017/17xxx/CVE-2017-17293.json +++ b/2017/17xxx/CVE-2017-17293.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,DP300,MAX PRESENCE,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206", - "version" : { - "version_data" : [ - { - "version_value" : "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, 
V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, 
V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a buffer overflow vulnerability. An authenticated, local attacker may craft a specific XML file to the affected products. Due to insufficient input validation, successful exploit will cause some service abnormal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,DP300,MAX PRESENCE,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206", + "version": { + "version_data": [ + { + "version_value": "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE 
V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, 
V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a buffer overflow vulnerability. An authenticated, local attacker may craft a specific XML file to the affected products. Due to insufficient input validation, successful exploit will cause some service abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17501.json b/2017/17xxx/CVE-2017-17501.json index fac077da3ec..bc29adfa5b6 100644 --- a/2017/17xxx/CVE-2017-17501.json +++ b/2017/17xxx/CVE-2017-17501.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" - }, - { - "name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/526/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/526/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - 
"url" : "https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "102185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/526/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/526/" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" + }, + { + "name": "102185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102185" + }, + { + "name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17611.json b/2017/17xxx/CVE-2017-17611.json index 9e6a2b2908c..079fd2e807d 100644 --- a/2017/17xxx/CVE-2017-17611.json +++ b/2017/17xxx/CVE-2017-17611.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Doctor Search Script 1.0 has SQL Injection via the /list city parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43276", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43276/" - }, - { - "name" : "https://packetstormsecurity.com/files/145312/Doctor-Search-Script-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145312/Doctor-Search-Script-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Doctor Search Script 1.0 has SQL Injection via the /list city parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43276", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43276/" + }, + { + "name": "https://packetstormsecurity.com/files/145312/Doctor-Search-Script-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145312/Doctor-Search-Script-1.0-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0450.json b/2018/0xxx/CVE-2018-0450.json index 1050ea567fc..7ce27bf688c 100644 --- a/2018/0xxx/CVE-2018-0450.json +++ b/2018/0xxx/CVE-2018-0450.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-05T16:00:00-0500", - "ID" : "CVE-2018-0450", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Data Center Network Manager Cross-Site Scripting Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Data Center Network Manager ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "6.1", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-05T16:00:00-0500", + "ID": "CVE-2018-0450", + "STATE": "PUBLIC", + "TITLE": "Cisco Data Center Network Manager Cross-Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Data Center Network Manager ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180905 Cisco Data Center Network Manager Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-dcnm-xss" - }, - { - "name" : "105288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105288" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180905-dcnm-xss", - "defect" : [ - [ - "CSCvh70379" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105288" + }, + { + "name": "20180905 Cisco Data Center Network Manager Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-dcnm-xss" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180905-dcnm-xss", + "defect": [ + [ + "CSCvh70379" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0791.json b/2018/0xxx/CVE-2018-0791.json index fc91e1f97ea..b555591bb25 100644 --- a/2018/0xxx/CVE-2018-0791.json +++ b/2018/0xxx/CVE-2018-0791.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2018-0791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Outlook", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0793." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2018-0791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Outlook", + "version": { + "version_data": [ + { + "version_value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791" - }, - { - "name" : "102383", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/102383" - }, - { - "name" : "1040154", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0793." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040154", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040154" + }, + { + "name": "102383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102383" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18319.json b/2018/18xxx/CVE-2018-18319.json index 5d526d7c964..eafbfae940a 100644 --- a/2018/18xxx/CVE-2018-18319.json +++ b/2018/18xxx/CVE-2018-18319.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.51cto.com/010bjsoft/2298902", - "refsource" : "MISC", - "url" : "http://blog.51cto.com/010bjsoft/2298902" - }, - { - "name" : "https://github.com/qoli/Merlin.PHP/issues/27", - "refsource" : "MISC", - "url" : "https://github.com/qoli/Merlin.PHP/issues/27" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for 
Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.51cto.com/010bjsoft/2298902", + "refsource": "MISC", + "url": "http://blog.51cto.com/010bjsoft/2298902" + }, + { + "name": "https://github.com/qoli/Merlin.PHP/issues/27", + "refsource": "MISC", + "url": "https://github.com/qoli/Merlin.PHP/issues/27" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18538.json b/2018/18xxx/CVE-2018-18538.json index 083f6faa946..ab34527f5d5 100644 --- a/2018/18xxx/CVE-2018-18538.json +++ b/2018/18xxx/CVE-2018-18538.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18538",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18538",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18625.json b/2018/18xxx/CVE-2018-18625.json
index 83e574d0b49..3fe9f001be4 100644
--- a/2018/18xxx/CVE-2018-18625.json
+++ b/2018/18xxx/CVE-2018-18625.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18625",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18625",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18628.json b/2018/18xxx/CVE-2018-18628.json
index 3b5414df99a..22f6947f108 100644
--- a/2018/18xxx/CVE-2018-18628.json
+++ b/2018/18xxx/CVE-2018-18628.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pippo-java/pippo/issues/458", - "refsource" : "MISC", - "url" : "https://github.com/pippo-java/pippo/issues/458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. 
An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pippo-java/pippo/issues/458", + "refsource": "MISC", + "url": "https://github.com/pippo-java/pippo/issues/458" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19285.json b/2018/19xxx/CVE-2018-19285.json index 0ea3a17bbe5..49eb7bb3798 100644 --- a/2018/19xxx/CVE-2018-19285.json +++ b/2018/19xxx/CVE-2018-19285.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19285", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19285", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19730.json b/2018/19xxx/CVE-2018-19730.json index 02b057d9b56..a0a76d2f077 100644 --- a/2018/19xxx/CVE-2018-19730.json +++ b/2018/19xxx/CVE-2018-19730.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19730",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-19730",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1158.json b/2018/1xxx/CVE-2018-1158.json
index cdace143a1b..936e318e22d 100644
--- a/2018/1xxx/CVE-2018-1158.json
+++ b/2018/1xxx/CVE-2018-1158.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-08-22T00:00:00", - "ID" : "CVE-2018-1158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-08-22T00:00:00", + "ID": "CVE-2018-1158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-21", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-21" - }, - { - "name" : "https://mikrotik.com/download/changelogs", - "refsource" : "CONFIRM", - "url" : "https://mikrotik.com/download/changelogs" - }, - { - "name" : "https://mikrotik.com/download/changelogs/bugfix-release-tree", - "refsource" : "CONFIRM", - "url" : "https://mikrotik.com/download/changelogs/bugfix-release-tree" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2018-21", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-21" + }, + { + "name": "https://mikrotik.com/download/changelogs", + "refsource": "CONFIRM", + "url": "https://mikrotik.com/download/changelogs" + }, + { + "name": "https://mikrotik.com/download/changelogs/bugfix-release-tree", + "refsource": "CONFIRM", + "url": "https://mikrotik.com/download/changelogs/bugfix-release-tree" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1200.json b/2018/1xxx/CVE-2018-1200.json index af16ab2329d..5b2c26ecd00 100644 --- a/2018/1xxx/CVE-2018-1200.json +++ b/2018/1xxx/CVE-2018-1200.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-02-13T00:00:00", - "ID" : "CVE-2018-1200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apps Manager for PCF", - "version" : { - "version_data" : [ - { - "version_value" : "Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected." - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "File Access Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-02-13T00:00:00", + "ID": "CVE-2018-1200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apps Manager for PCF", + "version": { + "version_data": [ + { + "version_value": "Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected." 
+ } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2018-1200", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2018-1200" - }, - { - "name" : "103042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File Access Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2018-1200", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-1200" + }, + { + "name": "103042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103042" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1217.json b/2018/1xxx/CVE-2018-1217.json index 9010d41f81a..e8642da704e 100644 --- a/2018/1xxx/CVE-2018-1217.json +++ b/2018/1xxx/CVE-2018-1217.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-04-05T00:00:00", - "ID" : "CVE-2018-1217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Avamar, Integrated Data Protection Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "Avamar Server versions 7.3.1, 7.4.1, 7.5.0" - }, - { - "version_value" : "Integrated Data Protection Appliance Versions 2.0, 2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Access Control Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-04-05T00:00:00", + "ID": "CVE-2018-1217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Avamar, Integrated Data Protection Appliance", + "version": { + "version_data": [ + { + "version_value": "Avamar Server versions 7.3.1, 7.4.1, 7.5.0" + }, + { + "version_value": "Integrated Data Protection Appliance Versions 2.0, 2.1" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44441", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44441/" - }, - { - "name" : "20180405 DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Apr/14" - }, - { - "name" : "1040641", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. 
The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Access Control Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44441", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44441/" + }, + { + "name": "1040641", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040641" + }, + { + "name": "20180405 DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Apr/14" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1891.json b/2018/1xxx/CVE-2018-1891.json index ff50caf77a1..a75b86c2e3b 100644 --- a/2018/1xxx/CVE-2018-1891.json +++ b/2018/1xxx/CVE-2018-1891.json 
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-13T00:00:00", - "ID" : "CVE-2018-1891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium", - "version" : { - "version_data" : [ - { - "version_value" : "10" - }, - { - "version_value" : "10.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-12-13T00:00:00", + "ID": "CVE-2018-1891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_value": "10" + }, + { + "version_value": "10.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742865", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742865" - }, - { - "name" : "106239", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/106239" - }, - { - "name" : "ibm-guardium-cve20181891-xss(152082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10742865", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742865" + }, + { + "name": "ibm-guardium-cve20181891-xss(152082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152082" + }, + { + "name": "106239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106239" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5651.json b/2018/5xxx/CVE-2018-5651.json index 81af966e5db..31a15b1baa3 100644 --- a/2018/5xxx/CVE-2018-5651.json +++ b/2018/5xxx/CVE-2018-5651.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5651",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5651",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md",
- "refsource" : "MISC",
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md"
- },
- {
- "name" : "https://wpvulndb.com/vulnerabilities/9008",
- "refsource" : "MISC",
- "url" : "https://wpvulndb.com/vulnerabilities/9008"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wpvulndb.com/vulnerabilities/9008",
+ "refsource": "MISC",
+ "url": "https://wpvulndb.com/vulnerabilities/9008"
+ },
+ {
+ "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md",
+ "refsource": "MISC",
+ "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md"
+ }
+ ]
+ }
+}
\ No newline at end of file