diff --git a/2008/0xxx/CVE-2008-0166.json b/2008/0xxx/CVE-2008-0166.json index 9c2d347c90c..a2b1fde0e5c 100644 --- a/2008/0xxx/CVE-2008-0166.json +++ b/2008/0xxx/CVE-2008-0166.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080515 Debian generated SSH-Keys working exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492112/100/0/threaded" - }, - { - "name" : "5622", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5622" - }, - { - "name" : "5632", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5632" - }, - { - "name" : "5720", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5720" - }, - { - "name" : "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem", - "refsource" : "MLIST", - "url" : 
"http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel" - }, - { - "name" : "http://metasploit.com/users/hdm/tools/debian-openssl/", - "refsource" : "MISC", - "url" : "http://metasploit.com/users/hdm/tools/debian-openssl/" - }, - { - "name" : "DSA-1571", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1571" - }, - { - "name" : "DSA-1576", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1576" - }, - { - "name" : "USN-612-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-612-1" - }, - { - "name" : "USN-612-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-612-2" - }, - { - "name" : "USN-612-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-612-3" - }, - { - "name" : "USN-612-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-612-4" - }, - { - "name" : "USN-612-7", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-612-7" - }, - { - "name" : "TA08-137A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-137A.html" - }, - { - "name" : "VU#925211", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/925211" - }, - { - "name" : "29179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29179" - }, - { - "name" : "1020017", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020017" - }, - { - "name" : "30220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30220" - }, - { - "name" : "30221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30221" - }, - { - "name" : "30231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30231" - }, - { - "name" : "30239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30239" - }, - { - "name" : "30249", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/30249" - }, - { - "name" : "30136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30136" - }, - { - "name" : "openssl-rng-weak-security(42375)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1576", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1576" + }, + { + "name": "5622", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5622" + }, + { + "name": "30221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30221" + }, + { + "name": "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel" + }, + { + "name": "DSA-1571", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1571" + }, + { + "name": "29179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29179" + }, + { + "name": "20080515 Debian generated SSH-Keys working exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded" + }, + { + "name": "30239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30239" + }, + { + 
"name": "30220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30220" + }, + { + "name": "USN-612-7", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-612-7" + }, + { + "name": "30231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30231" + }, + { + "name": "openssl-rng-weak-security(42375)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375" + }, + { + "name": "http://metasploit.com/users/hdm/tools/debian-openssl/", + "refsource": "MISC", + "url": "http://metasploit.com/users/hdm/tools/debian-openssl/" + }, + { + "name": "30249", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30249" + }, + { + "name": "1020017", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020017" + }, + { + "name": "5632", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5632" + }, + { + "name": "USN-612-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-612-4" + }, + { + "name": "USN-612-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-612-2" + }, + { + "name": "TA08-137A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html" + }, + { + "name": "VU#925211", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/925211" + }, + { + "name": "5720", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5720" + }, + { + "name": "30136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30136" + }, + { + "name": "USN-612-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-612-3" + }, + { + "name": "USN-612-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-612-1" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0349.json b/2008/0xxx/CVE-2008-0349.json index 4a2d858ec22..0091a374f82 100644 --- a/2008/0xxx/CVE-2008-0349.json +++ b/2008/0xxx/CVE-2008-0349.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" - }, - { - "name" : "TA08-017A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-017A.html" - }, - { - "name" : "27229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27229" - }, - { - "name" : "ADV-2008-0150", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/0150" - }, - { - "name" : "ADV-2008-0180", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0180" - }, - { - "name" : "1019218", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019218" - }, - { - "name" : "28518", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28518" - }, - { - "name" : "28556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019218", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019218" + }, + { + "name": "27229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27229" + }, + { + "name": "TA08-017A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html" + }, + { + "name": "ADV-2008-0150", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0150" + }, + { + "name": "ADV-2008-0180", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0180" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": 
"http://marc.info/?l=bugtraq&m=120058413923005&w=2" + }, + { + "name": "28556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28556" + }, + { + "name": "28518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28518" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0698.json b/2008/0xxx/CVE-2008-0698.json index d44b8c81425..a9f59d432f9 100644 --- a/2008/0xxx/CVE-2008-0698.json +++ b/2008/0xxx/CVE-2008-0698.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving \"invalid memory access.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" - }, - { - "name" : "IZ05496", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496" - }, - { - "name" : "27681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27681" - }, - { - "name" : "ADV-2008-0401", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0401" - }, - { - "name" : "28771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving \"invalid memory access.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" + }, + { + "name": "27681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27681" + }, + { + "name": "28771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28771" + }, + { + "name": "ADV-2008-0401", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0401" + }, + { + "name": "IZ05496", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1329.json b/2008/1xxx/CVE-2008-1329.json index e4f922b11c5..588ec47921d 100644 --- a/2008/1xxx/CVE-2008-1329.json +++ b/2008/1xxx/CVE-2008-1329.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to \"insufficient verification of file uploads.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080404 CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490463/100/0/threaded" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105" - }, - { - "name" : "28616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28616" - }, - { - "name" : "ADV-2008-1104", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1104/references" - 
}, - { - "name" : "1019788", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019788" - }, - { - "name" : "3800", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3800" - }, - { - "name" : "ca-arcserverbackup-netbackup-code-execution(41642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to \"insufficient verification of file uploads.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105" + }, + { + "name": "ca-arcserverbackup-netbackup-code-execution(41642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41642" + }, + { + "name": "3800", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3800" + }, + { + "name": "28616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28616" + }, + { + "name": "20080404 CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490463/100/0/threaded" + }, + { + "name": "1019788", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019788" + }, + { + "name": "ADV-2008-1104", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2008/1104/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1432.json b/2008/1xxx/CVE-2008-1432.json index fd176fd81cb..816ad86b1b7 100644 --- a/2008/1xxx/CVE-2008-1432.json +++ b/2008/1xxx/CVE-2008-1432.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "29441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29441" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4728.json b/2008/4xxx/CVE-2008-4728.json index 2e64b67c23b..544268e0b9c 100644 --- a/2008/4xxx/CVE-2008-4728.json +++ b/2008/4xxx/CVE-2008-4728.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6773", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6773" - }, - { - "name" : "6774", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6774" - }, - { - "name" : "6776", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6776" - }, - { - "name" : "http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html", - "refsource" : "MISC", - "url" : "http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html" - }, - { - "name" : "http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html", - "refsource" : "MISC", - "url" : "http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html" - }, - { - "name" : "http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html", - "refsource" : "MISC", - "url" : "http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html" - }, - { - "name" : "31799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31799" - }, - { - "name" : "ADV-2008-2857", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2857" - }, - { - "name" : "32337", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32337" - }, - { - "name" : "hummingbird-run-command-execution(45961)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6773", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6773" + }, + { + "name": "http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html", + "refsource": "MISC", + "url": "http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html" + }, + { + "name": "6774", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6774" + }, + { + "name": "31799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31799" + }, + { + "name": "hummingbird-run-command-execution(45961)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45961" + }, + { + "name": "6776", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6776" + }, + { + "name": "ADV-2008-2857", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2857" + }, + { + "name": "32337", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32337" + }, + { + "name": "http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html", + "refsource": "MISC", + "url": "http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html" + }, + { + "name": "http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html", + "refsource": "MISC", + "url": 
"http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4818.json b/2008/4xxx/CVE-2008-4818.json index cd297666579..838eaf8d4dd 100644 --- a/2008/4xxx/CVE-2008-4818.json +++ b/2008/4xxx/CVE-2008-4818.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-20.html" - }, - { - "name" : "http://support.apple.com/kb/HT3338", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3338" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" - }, - { - "name" : 
"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=" - }, - { - "name" : "APPLE-SA-2008-12-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" - }, - { - "name" : "GLSA-200903-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml" - }, - { - "name" : "RHSA-2008:0980", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0980.html" - }, - { - "name" : "248586", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" - }, - { - "name" : "TA08-350A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" - }, - { - "name" : "32129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32129" - }, - { - "name" : "34226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34226" - }, - { - "name" : "ADV-2008-3444", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3444" - }, - { - "name" : "1021146", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021146" - }, - { - "name" : "32702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32702" - }, - { - "name" : "33179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33179" - }, - { - "name" : "33390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33390" - }, - { - "name" : "adobe-flash-response-xss(46531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=" + }, + { + "name": "32129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32129" + }, + { + "name": "33390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33390" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" + }, + { + "name": "ADV-2008-3444", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3444" + }, + { + "name": "32702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32702" + }, + { + "name": "TA08-350A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html" + }, + { + "name": "33179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33179" + }, + { + "name": "34226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34226" + }, + { + "name": "adobe-flash-response-xss(46531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46531" + }, + { + "name": "1021146", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021146" + }, + { + "name": "GLSA-200903-23", + "refsource": "GENTOO", + "url": 
"http://security.gentoo.org/glsa/glsa-200903-23.xml"
+ },
+ {
+ "name": "http://support.apple.com/kb/HT3338",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT3338"
+ },
+ {
+ "name": "RHSA-2008:0980",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
+ },
+ {
+ "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
+ },
+ {
+ "name": "APPLE-SA-2008-12-15",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
+ },
+ {
+ "name": "248586",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/4xxx/CVE-2008-4857.json b/2008/4xxx/CVE-2008-4857.json
index 8311f80a8c7..7d2d82f2a8c 100644
--- a/2008/4xxx/CVE-2008-4857.json
+++ b/2008/4xxx/CVE-2008-4857.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4857",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2008-4857",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
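Review bot: The new side of CVE-2008-4857.json orders its top-level keys `data_type`, `data_format`, `data_version`, `CVE_data_meta` and puts `ID` before `ASSIGNER`, whereas the other records rewritten in this commit keep `CVE_data_meta` first with keys in alphabetical order. JSON key order carries no meaning, but a record that comes out in a different order presumably went through a different serializer path, and mixing the two makes later diffs of these files noisy and harder to audit. Emitting every record with one sorted-key serializer would keep them uniform. The new side also ends with `\ No newline at end of file` where the old side ended with a newline, here and in every other file in the commit; keep the trailing newline.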
diff --git a/2008/5xxx/CVE-2008-5443.json b/2008/5xxx/CVE-2008-5443.json
index 8037f6dd62e..4609743fe4a 100644
--- a/2008/5xxx/CVE-2008-5443.json
+++ b/2008/5xxx/CVE-2008-5443.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5441 and CVE-2008-5442." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-5443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5441 and CVE-2008-5442." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5946.json b/2008/5xxx/CVE-2008-5946.json index 7a870494387..9cf4701a6c2 100644 --- a/2008/5xxx/CVE-2008-5946.json +++ b/2008/5xxx/CVE-2008-5946.json 
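Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert_us@oracle.com` in the CVE-2008-5443 hunk, and it is the only value that changes there; every other line is colon spacing, indentation or a reordering of `reference_data`. The same reassignment is buried in the CVE-2013-2810 (`ics-cert@hq.dhs.gov`), CVE-2013-3793 (`secalert_us@oracle.com`) and CVE-2013-6501 (`secalert@redhat.com`) hunks. Consumers that use `ASSIGNER` for CNA attribution or provenance will see these records change owner, so the reassignment deserves its own commit, or at least a line in the commit message, rather than riding inside a bulk reformat. Writing `reference_data` in a stable order (for example sorted by `url`) would also keep unchanged reference lists out of future diffs.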
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/30680/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/30680/exploit" - }, - { - "name" : "30680", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30680" - }, - { - "name" : "phpfusion-readmore-sql-injection(44456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.securityfocus.com/bid/30680/exploit",
+ "refsource": "MISC",
+ "url": "http://www.securityfocus.com/bid/30680/exploit"
+ },
+ {
+ "name": "phpfusion-readmore-sql-injection(44456)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44456"
+ },
+ {
+ "name": "30680",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/30680"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/2xxx/CVE-2013-2159.json b/2013/2xxx/CVE-2013-2159.json
index d684d0dcd65..b3a92f78551 100644
--- a/2013/2xxx/CVE-2013-2159.json
+++ b/2013/2xxx/CVE-2013-2159.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-2159",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-2159",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/2xxx/CVE-2013-2810.json b/2013/2xxx/CVE-2013-2810.json
index 1d97db5b462..4b3c8903e89 100644
--- a/2013/2xxx/CVE-2013-2810.json
+++ b/2013/2xxx/CVE-2013-2810.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-2810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A" - }, - { - "name" : "71425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71425" - }, - { - "name" : "rtu-cve20142810-command-exec(99131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and 
earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A" + }, + { + "name": "71425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71425" + }, + { + "name": "rtu-cve20142810-command-exec(99131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99131" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3793.json b/2013/3xxx/CVE-2013-3793.json index a201993baac..5bc345a8660 100644 --- a/2013/3xxx/CVE-2013-3793.json +++ b/2013/3xxx/CVE-2013-3793.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-2818", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2818" - }, - { - "name" : "SUSE-SU-2013:1390", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html" - }, - { 
- "name" : "openSUSE-SU-2013:1335", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html" - }, - { - "name" : "openSUSE-SU-2013:1410", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html" - }, - { - "name" : "SUSE-SU-2013:1529", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html" - }, - { - "name" : "USN-1909-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1909-1" - }, - { - "name" : "61264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61264" - }, - { - "name" : "95323", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95323" - }, - { - "name" : "54300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54300" - }, - { - "name" : "oracle-cpujuly2013-cve20133793(85710)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54300" + }, + { + "name": "oracle-cpujuly2013-cve20133793(85710)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85710" + }, + { + "name": "DSA-2818", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2818" + }, + { + "name": "95323", + "refsource": "OSVDB", + "url": "http://osvdb.org/95323" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "openSUSE-SU-2013:1335", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html" + }, + { + "name": "USN-1909-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1909-1" + }, + { + "name": "SUSE-SU-2013:1390", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html" + }, + { + "name": "openSUSE-SU-2013:1410", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html" + }, + { + "name": "61264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61264" + }, + { + "name": "SUSE-SU-2013:1529", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4749.json b/2013/4xxx/CVE-2013-4749.json index 84ecc2ea19c..9e7d696f9fd 100644 
--- a/2013/4xxx/CVE-2013-4749.json
+++ b/2013/4xxx/CVE-2013-4749.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/" - }, - { - "name" : "typo3-usertaskcenter-unspecified-xss(81584)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to 
inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typo3-usertaskcenter-unspecified-xss(81584)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81584" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4768.json b/2013/4xxx/CVE-2013-4768.json index 72e22450bb7..9971177fb57 100644 --- a/2013/4xxx/CVE-2013-4768.json +++ b/2013/4xxx/CVE-2013-4768.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the \"network connection clean up code\" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.eucalyptus.com/resources/security/advisories/esa-15", - "refsource" : "CONFIRM", - "url" : "https://www.eucalyptus.com/resources/security/advisories/esa-15" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the \"network connection clean up code\" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.eucalyptus.com/resources/security/advisories/esa-15", + "refsource": "CONFIRM", + "url": "https://www.eucalyptus.com/resources/security/advisories/esa-15" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4874.json b/2013/4xxx/CVE-2013-4874.json index 1845c3fbc59..c7ca7a8ce08 100644 --- a/2013/4xxx/CVE-2013-4874.json +++ b/2013/4xxx/CVE-2013-4874.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/BLUU-997M5B", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/BLUU-997M5B" - }, - { - "name" : "VU#458007", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/458007" - }, - { - "name" : "61169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys 
session to modify the ramboot environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B" + }, + { + "name": "VU#458007", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/458007" + }, + { + "name": "61169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61169" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6501.json b/2013/6xxx/CVE-2013-6501.json index bd2a24ce0e9..74596901ab9 100644 --- a/2013/6xxx/CVE-2013-6501.json +++ b/2013/6xxx/CVE-2013-6501.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1009103", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1009103" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "GLSA-201606-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-10" - }, - { - "name" : "SUSE-SU-2015:0436", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html" - }, - { - "name" : "72530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1009103", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1009103" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "SUSE-SU-2015:0436", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html" + }, + { + "name": "72530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72530" + }, + { + "name": "GLSA-201606-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-10" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7007.json b/2013/7xxx/CVE-2013-7007.json index fc74472ad02..b7f97250562 100644 --- a/2013/7xxx/CVE-2013-7007.json +++ b/2013/7xxx/CVE-2013-7007.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-7007",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-7007",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10200.json b/2017/10xxx/CVE-2017-10200.json
index affd579815a..503349f3a28 100644
--- a/2017/10xxx/CVE-2017-10200.json
+++ b/2017/10xxx/CVE-2017-10200.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality e7", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "4.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to compromise Oracle Hospitality e7. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality e7 accessible data as well as unauthorized read access to a subset of Oracle Hospitality e7 accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to compromise Oracle Hospitality e7. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality e7 accessible data as well as unauthorized read access to a subset of Oracle Hospitality e7 accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality e7", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99858" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to compromise Oracle Hospitality e7. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality e7 accessible data as well as unauthorized read access to a subset of Oracle Hospitality e7 accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to compromise Oracle Hospitality e7. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality e7 accessible data as well as unauthorized read access to a subset of Oracle Hospitality e7 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99858" + }, + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10910.json b/2017/10xxx/CVE-2017-10910.json index 3e6db1ff168..4897cb479d9 100644 --- a/2017/10xxx/CVE-2017-10910.json +++ b/2017/10xxx/CVE-2017-10910.json 
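Review bot: The `reference_data` array comes out in a different order on the new side (the BID and SECTRACK entries now precede the Oracle CONFIRM entry) with no sort key apparent from the hunk, so a pass that otherwise only tightens `"key" : value` to `"key": value` also moves records around. The same shuffle shows up in the CVE-2017-10910, CVE-2017-12172, CVE-2017-13182, CVE-2017-13737 and CVE-2017-9032 hunks; in each the set of entries appears unchanged, but a reader has to match them by hand to confirm that no advisory link was dropped. Either preserve the input order in the formatter, or emit a deterministic order (for example sorted by `refsource`, then `name`) so that later diffs of these records show only real additions and removals. The new side also ends with `\ No newline at end of file` in every file; writing a trailing newline would avoid that marker.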
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MQTT.js", - "version" : { - "version_data" : [ - { - "version_value" : "2.x.x prior to 2.15.0" - } - ] - } - } - ] - }, - "vendor_name" : "MQTT.js." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer error" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MQTT.js", + "version": { + "version_data": [ + { + "version_value": "2.x.x prior to 2.15.0" + } + ] + } + } + ] + }, + "vendor_name": "MQTT.js." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923", - "refsource" : "MISC", - "url" : "https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923" - }, - { - "name" : "https://github.com/mqttjs/MQTT.js/releases/tag/v2.15.0", - "refsource" : "MISC", - "url" : "https://github.com/mqttjs/MQTT.js/releases/tag/v2.15.0" - }, - { - "name" : "JVN#45494523", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN45494523/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#45494523", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN45494523/index.html" + }, + { + "name": "https://github.com/mqttjs/MQTT.js/releases/tag/v2.15.0", + "refsource": "MISC", + "url": "https://github.com/mqttjs/MQTT.js/releases/tag/v2.15.0" + }, + { + "name": "https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923", + "refsource": "MISC", + "url": "https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12172.json b/2017/12xxx/CVE-2017-12172.json index 78a8ead8f1d..2f0d5b2a679 100644 --- a/2017/12xxx/CVE-2017-12172.json +++ b/2017/12xxx/CVE-2017-12172.json 
@@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-11-09T00:00:00", - "ID" : "CVE-2017-12172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "postgresql", - "version" : { - "version_data" : [ - { - "version_value" : "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, 9.2.x before 9.2.24" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-59" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-11-09T00:00:00", + "ID": "CVE-2017-12172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "postgresql", + "version": { + "version_data": [ + { + "version_value": "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, 9.2.x before 9.2.24" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.postgresql.org/support/security/", - "refsource" : "MISC", - "url" : "https://www.postgresql.org/support/security/" - }, - { - "name" : "https://www.postgresql.org/about/news/1801/", - "refsource" : "CONFIRM", - "url" : "https://www.postgresql.org/about/news/1801/" - }, - { - "name" : "RHSA-2017:3402", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3402" - }, - { - "name" : "RHSA-2017:3403", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3403" - }, - { - "name" : "RHSA-2017:3404", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3404" - }, - { - "name" : "RHSA-2017:3405", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3405" - }, - { - "name" : "101949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101949" - }, - { - "name" : "1039752", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 
9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3402", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3402" + }, + { + "name": "101949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101949" + }, + { + "name": "RHSA-2017:3403", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3403" + }, + { + "name": "RHSA-2017:3405", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3405" + }, + { + "name": "https://www.postgresql.org/support/security/", + "refsource": "MISC", + "url": "https://www.postgresql.org/support/security/" + }, + { + "name": "1039752", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039752" + }, + { + "name": "https://www.postgresql.org/about/news/1801/", + "refsource": "CONFIRM", + "url": "https://www.postgresql.org/about/news/1801/" + }, + { + "name": "RHSA-2017:3404", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3404" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13182.json b/2017/13xxx/CVE-2017-13182.json index 33158be1f1c..3646decd423 100644 --- a/2017/13xxx/CVE-2017-13182.json 
+++ b/2017/13xxx/CVE-2017-13182.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-13182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-13182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-01-01" - }, - { - "name" : "102414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102414" - }, - { - "name" : "1040106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-01-01" + }, + { + "name": "1040106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040106" + }, + { + "name": "102414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102414" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13737.json b/2017/13xxx/CVE-2017-13737.json index 7c9e3ab318c..dcbcb9dfce5 100644 --- a/2017/13xxx/CVE-2017-13737.json +++ b/2017/13xxx/CVE-2017-13737.json 
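Review bot: `ASSIGNER` changes from `security@google.com` to `security@android.com` in `CVE_data_meta`, a change to the record's provenance field inside a hunk that is otherwise spacing and reference order; the other records in view keep their assigner address. The diff does not say which address is intended, so if this is deliberate it should be called out in the commit message or split into its own commit, and if it is a side effect of regenerating the file the line should stay `"ASSIGNER": "security@google.com"`. Consumers that key on the assigner address to attribute or filter records would see this entry move without notice.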
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" - }, - { - "name" : "http://openwall.com/lists/oss-security/2017/08/29/4", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/08/29/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484196", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484196" - }, - { - "name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/", - "refsource" : "CONFIRM", - "url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/" - }, - { - "name" : "https://bugs.debian.org/878511", - "refsource" 
: "CONFIRM", - "url" : "https://bugs.debian.org/878511" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "100518", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484196", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484196" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/08/29/4", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/08/29/4" + }, + { + "name": "100518", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100518" + }, + { + "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/", + "refsource": "CONFIRM", + "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "https://bugs.debian.org/878511", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/878511" + }, + { + "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17140.json b/2017/17xxx/CVE-2017-17140.json index 9fc36e30a5b..13fce0a2eff 100644 
--- a/2017/17xxx/CVE-2017-17140.json
+++ b/2017/17xxx/CVE-2017-17140.json
@@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-12-06T00:00:00", - "ID" : "CVE-2017-17140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Enjoy 5s; Y6 Pro", - "version" : { - "version_data" : [ - { - "version_value" : "The versions before TAG-AL00C92B170" - }, - { - "version_value" : "The versions before TIT-L01C576B121" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and the application can read some sensitive information in kernel memory which may cause sensitive information leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information leak" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-12-06T00:00:00", + "ID": "CVE-2017-17140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enjoy 5s; Y6 Pro", + "version": { + "version_data": [ + { + "version_value": "The versions before TAG-AL00C92B170" + }, + { + "version_value": "The versions before TIT-L01C576B121" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and the application can read some sensitive information in kernel memory which may cause sensitive information leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17508.json b/2017/17xxx/CVE-2017-17508.json index 753dfd5a259..dbcc2ec2c0a 100644 --- a/2017/17xxx/CVE-2017-17508.json +++ b/2017/17xxx/CVE-2017-17508.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md", - "refsource" : "MISC", - "url" : "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md", + "refsource": "MISC", + "url": "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17692.json b/2017/17xxx/CVE-2017-17692.json index 4337efd3ed2..b9e2dea2d2a 100644 --- a/2017/17xxx/CVE-2017-17692.json +++ b/2017/17xxx/CVE-2017-17692.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43376", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43376/" - }, - { - "name" : "http://packetstormsecurity.com/files/145510/Samsung-Internet-Browser-SOP-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145510/Samsung-Internet-Browser-SOP-Bypass.html" - }, - { - "name" : "https://datarift.blogspot.in/p/samsung-interent-browser-sop-bypass-cve.html", - "refsource" : "MISC", - "url" : "https://datarift.blogspot.in/p/samsung-interent-browser-sop-bypass-cve.html" - }, - { - "name" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/samsung_browser_sop_bypass.rb", - "refsource" : "MISC", - "url" : 
"https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/samsung_browser_sop_bypass.rb" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43376", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43376/" + }, + { + "name": "http://packetstormsecurity.com/files/145510/Samsung-Internet-Browser-SOP-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145510/Samsung-Internet-Browser-SOP-Bypass.html" + }, + { + "name": "https://datarift.blogspot.in/p/samsung-interent-browser-sop-bypass-cve.html", + "refsource": "MISC", + "url": "https://datarift.blogspot.in/p/samsung-interent-browser-sop-bypass-cve.html" + }, + { + "name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/samsung_browser_sop_bypass.rb", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/samsung_browser_sop_bypass.rb" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17829.json b/2017/17xxx/CVE-2017-17829.json index ae72dd7b875..0afc2a1060d 100644 --- a/2017/17xxx/CVE-2017-17829.json +++ b/2017/17xxx/CVE-2017-17829.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Bus-Booking-Script.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Bus-Booking-Script.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Bus-Booking-Script.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Bus-Booking-Script.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17944.json b/2017/17xxx/CVE-2017-17944.json index 6e112aece2b..528b2e48d94 100644 --- a/2017/17xxx/CVE-2017-17944.json +++ b/2017/17xxx/CVE-2017-17944.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17944", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17944", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9032.json b/2017/9xxx/CVE-2017-9032.json index 1d9d5878da9..dcea33a9dac 100644 --- a/2017/9xxx/CVE-2017-9032.json +++ b/2017/9xxx/CVE-2017-9032.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9032",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9032",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2017/May/91"
- },
- {
- "name" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html"
- },
- {
- "name" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities",
- "refsource" : "MISC",
- "url" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities"
- },
- {
- "name" : "https://success.trendmicro.com/solution/1117411",
- "refsource" : "CONFIRM",
- "url" : "https://success.trendmicro.com/solution/1117411"
- },
- {
- "name" : "1038548",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038548"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1038548",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038548"
+ },
+ {
+ "name": "https://success.trendmicro.com/solution/1117411",
+ "refsource": "CONFIRM",
+ "url": "https://success.trendmicro.com/solution/1117411"
+ },
+ {
+ "name": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities",
+ "refsource": "MISC",
+ "url": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities"
+ },
+ {
+ "name": "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2017/May/91"
+ },
+ {
+ "name": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9443.json b/2017/9xxx/CVE-2017-9443.json
index 5c103e2d54e..ac9dbd5121a 100644
--- a/2017/9xxx/CVE-2017-9443.json
+++ b/2017/9xxx/CVE-2017-9443.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9443",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\\admin\\modules\\developer\\extensions\\install\\process.php and core\\admin\\modules\\developer\\packages\\install\\process.php. NOTE: the vendor states \"You must implicitly trust any package or extension you install as they all have the ability to write PHP files.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9443",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/bigtreecms/BigTree-CMS/issues/292",
- "refsource" : "MISC",
- "url" : "https://github.com/bigtreecms/BigTree-CMS/issues/292"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\\admin\\modules\\developer\\extensions\\install\\process.php and core\\admin\\modules\\developer\\packages\\install\\process.php. NOTE: the vendor states \"You must implicitly trust any package or extension you install as they all have the ability to write PHP files.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/bigtreecms/BigTree-CMS/issues/292",
+ "refsource": "MISC",
+ "url": "https://github.com/bigtreecms/BigTree-CMS/issues/292"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9798.json b/2017/9xxx/CVE-2017-9798.json
index 2e8b65296e1..7ebd4e3d4c1 100644
--- a/2017/9xxx/CVE-2017-9798.json
+++ b/2017/9xxx/CVE-2017-9798.json
@@ -1,232 +1,232 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@apache.org",
- "ID" : "CVE-2017-9798",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Apache HTTP Server",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Apache Software Foundation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "use-after-free"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "ID": "CVE-2017-9798",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "42745",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/42745/"
- },
- {
- "name" : "http://openwall.com/lists/oss-security/2017/09/18/2",
- "refsource" : "MISC",
- "url" : "http://openwall.com/lists/oss-security/2017/09/18/2"
- },
- {
- "name" : "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
- "refsource" : "MISC",
- "url" : "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
- },
- {
- "name" : "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
- "refsource" : "MISC",
- "url" : "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
- },
- {
- "name" : "https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9",
- "refsource" : "MISC",
- "url" : "https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9"
- },
- {
- "name" : "https://github.com/hannob/optionsbleed",
- "refsource" : "MISC",
- "url" : "https://github.com/hannob/optionsbleed"
- },
- {
- "name" : "https://security-tracker.debian.org/tracker/CVE-2017-9798",
- "refsource" : "MISC",
- "url" : "https://security-tracker.debian.org/tracker/CVE-2017-9798"
- },
- {
- "name" : "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
- "refsource" : "MISC",
- "url" : "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch"
- },
- {
- "name" : "https://support.apple.com/HT208331",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208331"
- },
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- },
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
- },
- {
- "name" : "https://security.netapp.com/advisory/ntap-20180601-0003/",
- "refsource" : "CONFIRM",
- "url" : "https://security.netapp.com/advisory/ntap-20180601-0003/"
- },
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
- },
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
- },
- {
- "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
- "refsource" : "CONFIRM",
- "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
- },
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"
- },
- {
- "name" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
- "refsource" : "CONFIRM",
- "url" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
- },
- {
- "name" : "DSA-3980",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2017/dsa-3980"
- },
- {
- "name" : "GLSA-201710-32",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201710-32"
- },
- {
- "name" : "RHSA-2017:3018",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3018"
- },
- {
- "name" : "RHSA-2017:3113",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3113"
- },
- {
- "name" : "RHSA-2017:3114",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3114"
- },
- {
- "name" : "RHSA-2017:3193",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3193"
- },
- {
- "name" : "RHSA-2017:3194",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3194"
- },
- {
- "name" : "RHSA-2017:3195",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3195"
- },
- {
- "name" : "RHSA-2017:3239",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3239"
- },
- {
- "name" : "RHSA-2017:3240",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3240"
- },
- {
- "name" : "RHSA-2017:2972",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2972"
- },
- {
- "name" : "RHSA-2017:2882",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2882"
- },
- {
- "name" : "RHSA-2017:3475",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3475"
- },
- {
- "name" : "RHSA-2017:3476",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3476"
- },
- {
- "name" : "RHSA-2017:3477",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3477"
- },
- {
- "name" : "100872",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100872"
- },
- {
- "name" : "105598",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105598"
- },
- {
- "name" : "1039387",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039387"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "use-after-free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2017:3113",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3113"
+ },
+ {
+ "name": "100872",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100872"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
+ },
+ {
+ "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
+ "refsource": "CONFIRM",
+ "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
+ },
+ {
+ "name": "RHSA-2017:2882",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2882"
+ },
+ {
+ "name": "RHSA-2017:2972",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2972"
+ },
+ {
+ "name": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
+ "refsource": "MISC",
+ "url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
+ },
+ {
+ "name": "https://support.apple.com/HT208331",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208331"
+ },
+ {
+ "name": "1039387",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039387"
+ },
+ {
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
+ "refsource": "CONFIRM",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"
+ },
+ {
+ "name": "RHSA-2017:3475",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3475"
+ },
+ {
+ "name": "https://github.com/hannob/optionsbleed",
+ "refsource": "MISC",
+ "url": "https://github.com/hannob/optionsbleed"
+ },
+ {
+ "name": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
+ "refsource": "MISC",
+ "url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch"
+ },
+ {
+ "name": "RHSA-2017:3240",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3240"
+ },
+ {
+ "name": "RHSA-2017:3195",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3195"
+ },
+ {
+ "name": "RHSA-2017:3018",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3018"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
+ },
+ {
+ "name": "RHSA-2017:3239",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3239"
+ },
+ {
+ "name": "RHSA-2017:3476",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3476"
+ },
+ {
+ "name": "105598",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105598"
+ },
+ {
+ "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
+ "refsource": "CONFIRM",
+ "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
+ },
+ {
+ "name": "RHSA-2017:3114",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3114"
+ },
+ {
+ "name": "RHSA-2017:3477",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3477"
+ },
+ {
+ "name": "http://openwall.com/lists/oss-security/2017/09/18/2",
+ "refsource": "MISC",
+ "url": "http://openwall.com/lists/oss-security/2017/09/18/2"
+ },
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20180601-0003/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20180601-0003/"
+ },
+ {
+ "name": "RHSA-2017:3194",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3194"
+ },
+ {
+ "name": "https://security-tracker.debian.org/tracker/CVE-2017-9798",
+ "refsource": "MISC",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2017-9798"
+ },
+ {
+ "name": "RHSA-2017:3193",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3193"
+ },
+ {
+ "name": "DSA-3980",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2017/dsa-3980"
+ },
+ {
+ "name": "https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9",
+ "refsource": "MISC",
+ "url": "https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9"
+ },
+ {
+ "name": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
+ "refsource": "MISC",
+ "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
+ },
+ {
+ "name": "42745",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/42745/"
+ },
+ {
+ "name": "GLSA-201710-32",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201710-32"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0012.json b/2018/0xxx/CVE-2018-0012.json
index 2447b2c15c4..757bf05c0db 100644
--- a/2018/0xxx/CVE-2018-0012.json
+++ b/2018/0xxx/CVE-2018-0012.json
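Review bot: The `reference_data` array on the new side of the CVE-2017-9798 hunk holds the same 35 entries as before, but in an order sorted by neither `refsource` nor `name` (`RHSA-2017:3113` now comes first, `42745` has moved from first to second-to-last), so what is otherwise a separator-whitespace change cannot be checked line by line for an altered or dropped URL. The reference arrays in the CVE-2017-9032 and CVE-2018-0046 hunks are shuffled the same way. For a bulk normalisation of advisory records I would keep the input order, or emit the array under a stable key such as `refsource` then `name`, so that later diffs show only real reference changes. The new side also ends with `\ No newline at end of file` where the old side had a trailing newline; writing a newline after the final `}` would keep that marker out of every later edit.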
@@ -1,112 +1,112 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "sirt@juniper.net",
- "DATE_PUBLIC" : "2018-01-10T17:00:00.000Z",
- "ID" : "CVE-2018-0012",
- "STATE" : "PUBLIC",
- "TITLE" : "Junos Space: Local privilege escalation vulnerability in Junos Space"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Junos Space",
- "version" : {
- "version_data" : [
- {
- "affected" : "<",
- "version_name" : "All",
- "version_value" : "17.2R1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Juniper Networks"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."
- }
- ]
- },
- "exploit" : [
- {
- "lang" : "eng",
- "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
- }
- ],
- "impact" : {
- "cvss" : {
- "attackComplexity" : "LOW",
- "attackVector" : "LOCAL",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "privilegesRequired" : "LOW",
- "scope" : "UNCHANGED",
- "userInteraction" : "NONE",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "version" : "3.0"
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Privilege escalation"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "sirt@juniper.net",
+ "DATE_PUBLIC": "2018-01-10T17:00:00.000Z",
+ "ID": "CVE-2018-0012",
+ "STATE": "PUBLIC",
+ "TITLE": "Junos Space: Local privilege escalation vulnerability in Junos Space"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Junos Space",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_name": "All",
+ "version_value": "17.2R1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Juniper Networks"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://kb.juniper.net/JSA10838",
- "refsource" : "CONFIRM",
- "url" : "https://kb.juniper.net/JSA10838"
- },
- {
- "name" : "1040189",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040189"
- }
- ]
- },
- "solution" : [
- {
- "lang" : "eng",
- "value" : "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1 and all subsequent releases."
- }
- ],
- "source" : {
- "advisory" : "JSA10838",
- "defect" : [
- "1296620"
- ],
- "discovery" : "INTERNAL"
- },
- "work_around" : [
- {
- "lang" : "eng",
- "value" : "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."
- }
- ]
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://kb.juniper.net/JSA10838",
+ "refsource": "CONFIRM",
+ "url": "https://kb.juniper.net/JSA10838"
+ },
+ {
+ "name": "1040189",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040189"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1 and all subsequent releases."
+ }
+ ],
+ "source": {
+ "advisory": "JSA10838",
+ "defect": [
+ "1296620"
+ ],
+ "discovery": "INTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0046.json b/2018/0xxx/CVE-2018-0046.json
index ec06024a842..a1547391344 100644
--- a/2018/0xxx/CVE-2018-0046.json
+++ b/2018/0xxx/CVE-2018-0046.json
@@ -1,127 +1,127 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "sirt@juniper.net",
- "DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
- "ID" : "CVE-2018-0046",
- "STATE" : "PUBLIC",
- "TITLE" : "Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Junos Space",
- "version" : {
- "version_data" : [
- {
- "affected" : "<",
- "version_value" : "18.2R1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Juniper Networks"
- }
- ]
- }
- },
- "credit" : [
- {
- "lang" : "eng",
- "value" : "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
- }
- ],
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."
- }
- ]
- },
- "exploit" : [
- {
- "lang" : "eng",
- "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
- }
- ],
- "impact" : {
- "cvss" : {
- "attackComplexity" : "LOW",
- "attackVector" : "NETWORK",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8.8,
- "baseSeverity" : "HIGH",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "privilegesRequired" : "NONE",
- "scope" : "UNCHANGED",
- "userInteraction" : "REQUIRED",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "version" : "3.0"
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Reflected cross-site scripting vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "sirt@juniper.net",
+ "DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
+ "ID": "CVE-2018-0046",
+ "STATE": "PUBLIC",
+ "TITLE": "Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Junos Space",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "18.2R1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Juniper Networks"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
- },
- {
- "name" : "https://kb.juniper.net/JSA10880",
- "refsource" : "CONFIRM",
- "url" : "https://kb.juniper.net/JSA10880"
- },
- {
- "name" : "105566",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105566"
- },
- {
- "name" : "1041862",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041862"
- }
- ]
- },
- "solution" : [
- {
- "lang" : "eng",
- "value" : "The following software releases have been updated to resolve this specific issue: Junos Space 18.2R1, and all subsequent releases.\n"
- }
- ],
- "source" : {
- "advisory" : "JSA10880",
- "defect" : [
- "1337619"
- ],
- "discovery" : "EXTERNAL"
- },
- "work_around" : [
- {
- "lang" : "eng",
- "value" : "There are no viable workarounds for this issue."
- }
- ]
-}
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Reflected cross-site scripting vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "105566",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105566"
+ },
+ {
+ "name": "https://kb.juniper.net/JSA10880",
+ "refsource": "CONFIRM",
+ "url": "https://kb.juniper.net/JSA10880"
+ },
+ {
+ "name": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
+ },
+ {
+ "name": "1041862",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041862"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "The following software releases have been updated to resolve this specific issue: Junos Space 18.2R1, and all subsequent releases.\n"
+ }
+ ],
+ "source": {
+ "advisory": "JSA10880",
+ "defect": [
+ "1337619"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "There are no viable workarounds for this issue."
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0460.json b/2018/0xxx/CVE-2018-0460.json
index 6f0792dbfbe..b6a2fc78973 100644
--- a/2018/0xxx/CVE-2018-0460.json
+++ b/2018/0xxx/CVE-2018-0460.json
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-05T16:00:00-0500", - "ID" : "CVE-2018-0460", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Enterprise NFV Infrastructure Software ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "6.5", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-05T16:00:00-0500", + "ID": "CVE-2018-0460", + "STATE": "PUBLIC", + "TITLE": "Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Enterprise NFV Infrastructure Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180905 Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-infodis" - }, - { - "name" : "105299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105299" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180905-nfvis-infodis", - "defect" : [ - [ - "CSCvj07787" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105299" + }, + { + "name": "20180905 Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-infodis" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180905-nfvis-infodis", + "defect": [ + [ + "CSCvj07787" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0534.json b/2018/0xxx/CVE-2018-0534.json index d83a6449a22..9eec6c90c16 100644 --- a/2018/0xxx/CVE-2018-0534.json +++ b/2018/0xxx/CVE-2018-0534.json 
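Review bot: `"baseScore": "6.5"` in this record's `impact.cvss` object is a JSON string, while the Junos Space record earlier in this diff carries `"baseScore": 8.8` as a number alongside a full `vectorString`. A consumer that filters or sorts on severity has to coerce types, or it may skip or mis-rank this record. Since the file is being rewritten anyway, `"baseScore": 6.5` would match the numeric form, provided the record schema allows it. The `"defect"` value in the same record is an array nested inside an array, where the Junos record uses a flat list. The IBM records further down (CVE-2018-1424, CVE-2018-1716) keep the score as the string `"SCORE": "7.100"` under `impact.cvssv3.BM`, so parsers need to handle all three shapes until the data is normalised.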
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ArsenoL", - "version" : { - "version_data" : [ - { - "version_value" : "Version 0.5" - } - ] - } - } - ] - }, - "vendor_name" : "FlaFla..." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ArsenoL", + "version": { + "version_data": [ + { + "version_value": "Version 0.5" + } + ] + } + } + ] + }, + "vendor_name": "FlaFla..." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#30864198", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN30864198/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#30864198", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN30864198/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0625.json b/2018/0xxx/CVE-2018-0625.json index 7a90a2a6bde..14727bf8c02 100644 --- a/2018/0xxx/CVE-2018-0625.json +++ b/2018/0xxx/CVE-2018-0625.json 
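Review bot: The new side of CVE-2018-0534.json ends with `\ No newline at end of file`, so the rewrite drops the trailing newline that the old file had. Every other file section visible in this diff carries the same marker, so this looks like a property of the serializer rather than of one record. Emitting a final newline after the closing `}` keeps the records well-formed text files. It also avoids a spurious last-line change the next time a tool that does append one touches them.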
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WG1200HP", - "version" : { - "version_data" : [ - { - "version_value" : "firmware Ver1.0.31 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "NEC Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WG1200HP", + "version": { + "version_data": [ + { + "version_value": "firmware Ver1.0.31 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html", - "refsource" : "MISC", - "url" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html" - }, - { - "name" : "JVN#00401783", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN00401783/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html", + "refsource": "MISC", + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "name": "JVN#00401783", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN00401783/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18431.json b/2018/18xxx/CVE-2018-18431.json index 914f865df02..b5b9058345b 100644 --- a/2018/18xxx/CVE-2018-18431.json +++ b/2018/18xxx/CVE-2018-18431.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss2", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss2" - }, - { - "name" : "https://www.patec.cn/newsshow.php?cid=24&id=134", - "refsource" : "MISC", - "url" : "https://www.patec.cn/newsshow.php?cid=24&id=134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss2", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss2" + }, + { + "name": "https://www.patec.cn/newsshow.php?cid=24&id=134", + "refsource": "MISC", + "url": "https://www.patec.cn/newsshow.php?cid=24&id=134" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19262.json b/2018/19xxx/CVE-2018-19262.json index c05a881b853..790f0fcc84c 100644 --- a/2018/19xxx/CVE-2018-19262.json +++ b/2018/19xxx/CVE-2018-19262.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19262", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19262", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19271.json b/2018/19xxx/CVE-2018-19271.json index 000ee0bf0a8..0f4c2d4f8fd 100644 --- a/2018/19xxx/CVE-2018-19271.json +++ b/2018/19xxx/CVE-2018-19271.json 
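Review bot: The new side of CVE-2018-19262.json orders its keys `data_type`, `data_format`, `data_version`, `CVE_data_meta`, with `ID` before `ASSIGNER` inside it. The other records rewritten in this diff, including the RESERVED record CVE-2018-19652, keep their keys in alphabetical order, so this file appears to have gone through a different serializer. Key order carries no meaning in JSON, but a single canonical order keeps text diffs small and makes any byte-level comparison or hashing of records stable. Sorting this record's keys like the rest would do.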
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Centreon 3.4.x allows SQL Injection via the main.php searchH parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x/", - "refsource" : "MISC", - "url" : "http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x/" - }, - { - "name" : "https://github.com/centreon/centreon/pull/6625", - "refsource" : "MISC", - "url" : "https://github.com/centreon/centreon/pull/6625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Centreon 3.4.x allows SQL Injection via the main.php searchH parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x/", + "refsource": "MISC", + "url": "http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x/" + }, + { + "name": "https://github.com/centreon/centreon/pull/6625", + "refsource": "MISC", + "url": "https://github.com/centreon/centreon/pull/6625" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19652.json b/2018/19xxx/CVE-2018-19652.json index 2490f7855d4..4b833568a45 100644 --- a/2018/19xxx/CVE-2018-19652.json +++ b/2018/19xxx/CVE-2018-19652.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19652", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19652", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19817.json b/2018/19xxx/CVE-2018-19817.json index f5742485c63..c7f7e9fdc36 100644 --- a/2018/19xxx/CVE-2018-19817.json 
+++ b/2018/19xxx/CVE-2018-19817.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/AdminAuthorisationFrame.jsp\" has reflected XSS via the ConnPoolName or GroupId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/20" - }, - { - "name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross Site Scripting exists in InfoVista VistaPortal 
SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/AdminAuthorisationFrame.jsp\" has reflected XSS via the ConnPoolName or GroupId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" + }, + { + "name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/20" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1082.json b/2018/1xxx/CVE-2018-1082.json index f0f88e4285d..3275561eba5 100644 --- a/2018/1xxx/CVE-2018-1082.json +++ b/2018/1xxx/CVE-2018-1082.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2018-03-26T00:00:00", - "ID" : "CVE-2018-1082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moodle", - "version" : { - "version_data" : [ - { - "version_value" : "3.4 to 3.4.1, 3.3 to 3.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2018-03-26T00:00:00", + "ID": "CVE-2018-1082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moodle", + "version": { + "version_data": [ + { + "version_value": "3.4 to 3.4.1, 3.3 to 3.3.4" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=367939", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=367939" - }, - { - "name" : "103725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101" + }, + { + "name": "103725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103725" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=367939", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=367939" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1424.json b/2018/1xxx/CVE-2018-1424.json index fbe9d209249..9d1f5fe6a69 100644 --- a/2018/1xxx/CVE-2018-1424.json +++ b/2018/1xxx/CVE-2018-1424.json 
@@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-05T00:00:00", - "ID" : "CVE-2018-1424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing Platform", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.2" - }, - { - "version_value" : "9.1.0" - }, - { - "version_value" : "10.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "L", - "AC" : "L", - "AV" : "N", - "C" : "H", - "I" : "N", - "PR" : "L", - "S" : "U", - "SCORE" : "7.100", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-12-05T00:00:00", + "ID": "CVE-2018-1424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing Platform", + "version": { + "version_data": [ + { + "version_value": "9.1.2" + }, + { + "version_value": "9.1.0" + }, + { + "version_value": "10.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217", - "refsource" : "CONFIRM", - "url" : 
"http://www.ibm.com/support/docview.wss?uid=ibm10744217" - }, - { - "name" : "106201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106201" - }, - { - "name" : "ibm-marketing-cve20181424-info-disc(139029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "L", + "AC": "L", + "AV": "N", + "C": "H", + "I": "N", + "PR": "L", + "S": "U", + "SCORE": "7.100", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-marketing-cve20181424-info-disc(139029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029" + }, + { + "name": "106201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106201" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10744217", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1716.json b/2018/1xxx/CVE-2018-1716.json index 1221dca097f..797c430148b 100644 --- a/2018/1xxx/CVE-2018-1716.json +++ b/2018/1xxx/CVE-2018-1716.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-09-25T00:00:00", - "ID" : "CVE-2018-1716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Portal", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "N", - "S" : "C", - "SCORE" : "6.100", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-09-25T00:00:00", + "ID": "CVE-2018-1716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Portal", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729323", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729323" - }, - { - "name" : "1041754", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041754" - }, - { - "name" : "ibm-websphere-cve20181716-xss(147164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "N", + "S": "C", + "SCORE": "6.100", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041754", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041754" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10729323", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323" + }, + { + "name": "ibm-websphere-cve20181716-xss(147164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164" + } + ] + } +} \ No newline at end of file