From e83e543b880f53fb8e92ae4e363aa9953f4ab127 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 22:25:24 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0006.json | 790 ++++++++++++++++----------------- 2008/0xxx/CVE-2008-0372.json | 170 +++---- 2008/0xxx/CVE-2008-0448.json | 130 +++--- 2008/0xxx/CVE-2008-0652.json | 130 +++--- 2008/0xxx/CVE-2008-0748.json | 190 ++++---- 2008/1xxx/CVE-2008-1261.json | 140 +++--- 2008/1xxx/CVE-2008-1317.json | 160 +++---- 2008/1xxx/CVE-2008-1397.json | 200 ++++----- 2008/1xxx/CVE-2008-1608.json | 150 +++---- 2008/1xxx/CVE-2008-1629.json | 150 +++---- 2008/5xxx/CVE-2008-5075.json | 150 +++---- 2008/5xxx/CVE-2008-5670.json | 150 +++---- 2013/0xxx/CVE-2013-0090.json | 170 +++---- 2013/3xxx/CVE-2013-3148.json | 140 +++--- 2013/3xxx/CVE-2013-3350.json | 140 +++--- 2013/4xxx/CVE-2013-4072.json | 34 +- 2013/4xxx/CVE-2013-4758.json | 140 +++--- 2013/4xxx/CVE-2013-4881.json | 160 +++---- 2013/4xxx/CVE-2013-4901.json | 34 +- 2013/6xxx/CVE-2013-6296.json | 34 +- 2013/6xxx/CVE-2013-6634.json | 200 ++++----- 2013/6xxx/CVE-2013-6733.json | 130 +++--- 2013/6xxx/CVE-2013-6848.json | 34 +- 2013/7xxx/CVE-2013-7265.json | 320 ++++++------- 2013/7xxx/CVE-2013-7315.json | 170 +++---- 2017/10xxx/CVE-2017-10145.json | 152 +++---- 2017/10xxx/CVE-2017-10789.json | 150 +++---- 2017/10xxx/CVE-2017-10820.json | 130 +++--- 2017/10xxx/CVE-2017-10907.json | 136 +++--- 2017/12xxx/CVE-2017-12240.json | 160 +++---- 2017/12xxx/CVE-2017-12257.json | 130 +++--- 2017/12xxx/CVE-2017-12513.json | 142 +++--- 2017/12xxx/CVE-2017-12772.json | 34 +- 2017/13xxx/CVE-2017-13056.json | 120 ++--- 2017/13xxx/CVE-2017-13057.json | 34 +- 2017/13xxx/CVE-2017-13833.json | 170 +++---- 2017/17xxx/CVE-2017-17720.json | 34 +- 2018/0xxx/CVE-2018-0704.json | 130 +++--- 2018/18xxx/CVE-2018-18252.json | 120 ++--- 2018/18xxx/CVE-2018-18428.json | 140 +++--- 2018/18xxx/CVE-2018-18488.json | 120 ++--- 2018/18xxx/CVE-2018-18910.json | 34 +- 2018/19xxx/CVE-2018-19017.json | 132 +++--- 2018/19xxx/CVE-2018-19052.json | 120 ++--- 
2018/19xxx/CVE-2018-19933.json | 140 +++--- 2018/1xxx/CVE-2018-1118.json | 200 ++++----- 2018/1xxx/CVE-2018-1711.json | 210 ++++----- 2018/5xxx/CVE-2018-5495.json | 120 ++--- 2018/5xxx/CVE-2018-5763.json | 120 ++--- 49 files changed, 3597 insertions(+), 3597 deletions(-)
diff --git a/2008/0xxx/CVE-2008-0006.json b/2008/0xxx/CVE-2008-0006.json
index 1c7b4df275a..0ae2c478950 100644
--- a/2008/0xxx/CVE-2008-0006.json
+++ b/2008/0xxx/CVE-2008-0006.json
@@ -1,397 +1,397 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487335/100/0/threaded" - }, - { - "name" : "[xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg/2008-January/031918.html" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=204362", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=204362" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=428044", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=428044" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2010", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2010" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm" - }, - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "FEDORA-2008-0760", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html" - }, - { - "name" : "FEDORA-2008-0794", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html" - }, - { - "name" : "FEDORA-2008-0831", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html" - }, - { - "name" : "FEDORA-2008-0891", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html" - }, - { - "name" : "GLSA-200801-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-09.xml" - }, - { - "name" : "GLSA-200804-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-05.xml" - }, - { - "name" : "GLSA-200805-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" - }, - { - "name" : "HPSBUX02381", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321" - }, - { - "name" : "SSRT080083", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321" - }, - { - "name" : "MDVSA-2008:021", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:021" - }, - { - "name" : "MDVSA-2008:022", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022" - }, - { - "name" : "MDVSA-2008:024", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:024" - }, - { - "name" : "[4.1] 20080208 012: SECURITY FIX: February 8, 2008", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata41.html#012_xorg" - }, - { - "name" : "[4.2] 20080208 006: SECURITY FIX: February 8, 2008", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata42.html#006_xorg" - }, - { - "name" : "RHSA-2008:0029", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0029.html" - }, - { - "name" : "RHSA-2008:0030", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0030.html" - }, - { - "name" : "RHSA-2008:0064", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0064.html" - }, - { - "name" : "103192", - "refsource" : "SUNALERT", - "url" : 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1" - }, - { - "name" : "201230", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1" - }, - { - "name" : "SUSE-SA:2008:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html" - }, - { - "name" : "SUSE-SR:2008:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" - }, - { - "name" : "USN-571-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/571-1/" - }, - { - "name" : "VU#203220", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/203220" - }, - { - "name" : "JVN#88935101", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN88935101/index.html" - }, - { - "name" : "JVNDB-2008-001043", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html" - }, - { - "name" : "27336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27336" - }, - { - "name" : "27352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27352" - }, - { - "name" : "oval:org.mitre.oval:def:10021", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021" - }, - { - "name" : "32545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32545" - }, - { - "name" : "ADV-2008-0179", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0179" - }, - { - "name" : "ADV-2008-0184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0184" - }, - { - "name" : "ADV-2008-0497", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0497/references" - }, - { - "name" : "ADV-2008-0703", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0703" - }, - { - "name" : 
"ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "1019232", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019232" - }, - { - "name" : "28532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28532" - }, - { - "name" : "28535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28535" - }, - { - "name" : "28536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28536" - }, - { - "name" : "28540", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28540" - }, - { - "name" : "28542", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28542" - }, - { - "name" : "28544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28544" - }, - { - "name" : "28550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28550" - }, - { - "name" : "28273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28273" - }, - { - "name" : "28500", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28500" - }, - { - "name" : "28592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28592" - }, - { - "name" : "28571", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28571" - }, - { - "name" : "28621", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28621" - }, - { - "name" : "28718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28718" - }, - { - "name" : "28843", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28843" - }, - { - "name" : "28885", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28885" - }, - { - "name" : "28941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28941" - }, - { - "name" : "29139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29139" - }, - 
{ - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "29622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29622" - }, - { - "name" : "29707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29707" - }, - { - "name" : "30161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30161" - }, - { - "name" : "ADV-2008-3000", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3000" - }, - { - "name" : "xorg-pcffont-bo(39767)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28542", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28542" + }, + { + "name": "29139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29139" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm" + }, + { + "name": "27336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27336" + }, + { + "name": "ADV-2008-0184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0184" + }, + { + "name": "103192", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1" + }, + { + "name": "29622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29622" + }, + { + "name": "FEDORA-2008-0831", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html" + }, + { + "name": "FEDORA-2008-0794", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html" + }, + { + "name": "SUSE-SA:2008:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html" + }, + { + "name": "SUSE-SR:2008:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=428044", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428044" + }, + { + "name": "28500", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28500" + }, + { + "name": "28532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28532" + }, + { + 
"name": "29707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29707" + }, + { + "name": "MDVSA-2008:024", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:024" + }, + { + "name": "28843", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28843" + }, + { + "name": "28540", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28540" + }, + { + "name": "SSRT080083", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321" + }, + { + "name": "20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487335/100/0/threaded" + }, + { + "name": "28544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28544" + }, + { + "name": "ADV-2008-0703", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0703" + }, + { + "name": "MDVSA-2008:021", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:021" + }, + { + "name": "oval:org.mitre.oval:def:10021", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "28718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28718" + }, + { + "name": "RHSA-2008:0029", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0029.html" + }, + { + "name": "[4.1] 20080208 012: SECURITY FIX: February 8, 2008", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata41.html#012_xorg" + }, + { + "name": "28941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28941" + }, + { + "name": "28592", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/28592" + }, + { + "name": "RHSA-2008:0064", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0064.html" + }, + { + "name": "xorg-pcffont-bo(39767)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39767" + }, + { + "name": "HPSBUX02381", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321" + }, + { + "name": "28621", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28621" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "MDVSA-2008:022", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "30161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30161" + }, + { + "name": "GLSA-200805-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" + }, + { + "name": "RHSA-2008:0030", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0030.html" + }, + { + "name": "28273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28273" + }, + { + "name": "VU#203220", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/203220" + }, + { + "name": "28550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28550" + }, + { + "name": "ADV-2008-0497", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0497/references" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm" + }, + { + "name": "JVNDB-2008-001043", + "refsource": "JVNDB", + "url": 
"http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=204362", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=204362" + }, + { + "name": "28885", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28885" + }, + { + "name": "USN-571-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/571-1/" + }, + { + "name": "GLSA-200804-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-05.xml" + }, + { + "name": "28535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28535" + }, + { + "name": "FEDORA-2008-0891", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html" + }, + { + "name": "ADV-2008-3000", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3000" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "[xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg/2008-January/031918.html" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities" + }, + { + "name": "27352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27352" + }, + { + "name": "32545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32545" + }, + { + "name": "1019232", + "refsource": "SECTRACK", + "url": 
"http://securitytracker.com/id?1019232" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2010", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2010" + }, + { + "name": "[4.2] 20080208 006: SECURITY FIX: February 8, 2008", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata42.html#006_xorg" + }, + { + "name": "FEDORA-2008-0760", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html" + }, + { + "name": "28571", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28571" + }, + { + "name": "28536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28536" + }, + { + "name": "JVN#88935101", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN88935101/index.html" + }, + { + "name": "GLSA-200801-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-09.xml" + }, + { + "name": "ADV-2008-0179", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0179" + }, + { + "name": "201230", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0372.json b/2008/0xxx/CVE-2008-0372.json index 97fac37180b..eb8ad0ad315 100644 --- a/2008/0xxx/CVE-2008-0372.json +++ b/2008/0xxx/CVE-2008-0372.json 
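Review bot: The `"ASSIGNER"` value in 2008/0xxx/CVE-2008-0006.json moves from `cve@mitre.org` to `secalert@redhat.com`, and the commit message does not record it; it is the only value change I can see in a section that otherwise respaces keys, re-indents and reorders `reference_data`. A line in the message naming the reassignment would let consumers who track CNA attribution find it without diffing parsed records. The reference list appears to hold the same entries in a different order, so this record is better compared as parsed data than as text. The file also now ends without a final newline (`\ No newline at end of file` after `+}`), as do the CVE-2008-0372, CVE-2008-0448 and CVE-2008-0652 sections; ending each file with `}` followed by a newline keeps later diffs and line-based tooling clean.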
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080116 8e6 Technologies R3000 Internet Filter Bypass by Request Split", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486398/100/0/threaded" - }, - { - "name" : "20080121 Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486770/100/0/threaded" - }, - { - "name" : "27309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27309" - }, - { - "name" : "28524", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28524" - }, - { - "name" : "3557", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3557" - }, - { - "name" : "r3000-urlfilter-security-bypass(39723)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080121 Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486770/100/0/threaded" + }, + { + "name": "3557", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3557" + }, + { + "name": "27309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27309" + }, + { + "name": "28524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28524" + }, + { + "name": "r3000-urlfilter-security-bypass(39723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39723" + }, + { + "name": "20080116 8e6 Technologies R3000 Internet Filter Bypass by Request Split", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486398/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0448.json b/2008/0xxx/CVE-2008-0448.json index b0c2026be33..9b6bf283e0d 100644 --- a/2008/0xxx/CVE-2008-0448.json +++ b/2008/0xxx/CVE-2008-0448.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080120 Php Search Remote Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=120093067011293&w=2" - }, - { - "name" : "phpsearch-classhttpretriever-file-include(39805)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpsearch-classhttpretriever-file-include(39805)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39805" + }, + { + "name": "20080120 Php Search Remote Inclusion", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=120093067011293&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0652.json b/2008/0xxx/CVE-2008-0652.json index 8910fa4db8e..e801e6f5a02 100644 --- a/2008/0xxx/CVE-2008-0652.json +++ b/2008/0xxx/CVE-2008-0652.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5073", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5073" - }, - { - "name" : "27648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27648" + }, + { + "name": "5073", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5073" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0748.json b/2008/0xxx/CVE-2008-0748.json index 10d9d2d3073..e5148a97784 100644 --- a/2008/0xxx/CVE-2008-0748.json +++ b/2008/0xxx/CVE-2008-0748.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080208 Buffer Overflow Vulnerability in AxRUploadServer.dll, Activex Method (SetLogging)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487802/100/0/threaded" - }, - { - "name" : "20080208 Re: Buffer Overflow Vulnerability in AxRUploadServer.dll, Activex Method (SetLogging)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487805/100/0/threaded" - }, - { - "name" : "5086", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5086" - }, - { - "name" : "5100", - "refsource" : "EXPLOIT-DB", - "url" : 
"https://www.exploit-db.com/exploits/5100" - }, - { - "name" : "27715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27715" - }, - { - "name" : "ADV-2008-0483", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0483" - }, - { - "name" : "28854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28854" - }, - { - "name" : "3648", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080208 Buffer Overflow Vulnerability in AxRUploadServer.dll, Activex Method (SetLogging)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487802/100/0/threaded" + }, + { + "name": "3648", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3648" + }, + { + "name": "5086", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5086" + }, + { + "name": "28854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28854" + }, + { + "name": "5100", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5100" + }, + { + "name": "27715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27715" + }, + { + "name": "ADV-2008-0483", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2008/0483" + }, + { + "name": "20080208 Re: Buffer Overflow Vulnerability in AxRUploadServer.dll, Activex Method (SetLogging)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487805/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1261.json b/2008/1xxx/CVE-2008-1261.json index c7fa27cdc9e..f7032113ae9 100644 --- a/2008/1xxx/CVE-2008-1261.json +++ b/2008/1xxx/CVE-2008-1261.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "zyxel-p2602hwd1a-loginstatus-info-disclosure(41113)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + }, + { + "name": "zyxel-p2602hwd1a-loginstatus-info-disclosure(41113)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41113" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1317.json b/2008/1xxx/CVE-2008-1317.json index 37fe2dae5ef..8aac5d73e93 100644 --- a/2008/1xxx/CVE-2008-1317.json +++ b/2008/1xxx/CVE-2008-1317.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "231403", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231403-1" - }, - { - "name" : "28214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28214" - }, - { - "name" : "ADV-2008-0858", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0858/references" - }, - { - "name" : "29352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29352" - }, - { - "name" : "sun-solaris-ipc-dos(41146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29352" + }, + { + "name": "sun-solaris-ipc-dos(41146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41146" + }, + { + "name": "28214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28214" + }, + { + "name": "ADV-2008-0858", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0858/references" + }, + { + "name": "231403", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231403-1" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1397.json b/2008/1xxx/CVE-2008-1397.json index 19f24943c9e..dcb7e181c6f 100644 --- a/2008/1xxx/CVE-2008-1397.json +++ b/2008/1xxx/CVE-2008-1397.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf", - "refsource" : "MISC", - "url" : "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf" - }, - { - "name" : "http://puresecurity.com.au/index.php?action=fullnews&id=5", - "refsource" : "MISC", - "url" : "http://puresecurity.com.au/index.php?action=fullnews&id=5" - }, - { - "name" : 
"https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579", - "refsource" : "CONFIRM", - "url" : "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579" - }, - { - "name" : "VU#992585", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/992585" - }, - { - "name" : "28299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28299" - }, - { - "name" : "ADV-2008-0953", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0953/references" - }, - { - "name" : "1019666", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019666" - }, - { - "name" : "29394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29394" - }, - { - "name" : "vpn1-ipaddress-dos(41260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://puresecurity.com.au/index.php?action=fullnews&id=5", + "refsource": "MISC", + "url": "http://puresecurity.com.au/index.php?action=fullnews&id=5" + }, + { + "name": "28299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28299" + }, + { + "name": "VU#992585", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/992585" + }, + { + "name": "29394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29394" + }, + { + "name": "1019666", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019666" + }, + { + "name": "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf", + "refsource": "MISC", + "url": "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf" + }, + { + "name": "ADV-2008-0953", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0953/references" + }, + { + "name": "vpn1-ipaddress-dos(41260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41260" + }, + { + "name": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579", + "refsource": "CONFIRM", + "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1608.json b/2008/1xxx/CVE-2008-1608.json index d9d6082637d..eaa497dffab 100644 --- a/2008/1xxx/CVE-2008-1608.json +++ b/2008/1xxx/CVE-2008-1608.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5502", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5502" - }, - { - "name" : "http://www.securityfocus.com/bid/28437/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/28437/exploit" - }, - { - "name" : "28437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28437" - }, - { - "name" : "clevercopy-postview-sql-injection(41450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in postview.php in 
Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28437" + }, + { + "name": "clevercopy-postview-sql-injection(41450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41450" + }, + { + "name": "5502", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5502" + }, + { + "name": "http://www.securityfocus.com/bid/28437/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/28437/exploit" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1629.json b/2008/1xxx/CVE-2008-1629.json index db593770cec..47e6407db34 100644 --- a/2008/1xxx/CVE-2008-1629.json +++ b/2008/1xxx/CVE-2008-1629.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/phpkrm/?branch_id=58803&release_id=274667", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/phpkrm/?branch_id=58803&release_id=274667" - }, - { - "name" : "28510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28510" - }, - { - "name" : "29579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29579" - }, - { - "name" : "phpkrm-unspecified-xss(41548)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 
allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpkrm-unspecified-xss(41548)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41548" + }, + { + "name": "29579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29579" + }, + { + "name": "28510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28510" + }, + { + "name": "http://freshmeat.net/projects/phpkrm/?branch_id=58803&release_id=274667", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/phpkrm/?branch_id=58803&release_id=274667" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5075.json b/2008/5xxx/CVE-2008-5075.json index 670077b6fd3..5f88cbf0043 100644 --- a/2008/5xxx/CVE-2008-5075.json +++ b/2008/5xxx/CVE-2008-5075.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6596", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6596" - }, - { - "name" : "31445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31445" - }, - { - "name" : "4596", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4596" - }, - { - "name" : "euploaderpro-id-sql-injection(45487)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "euploaderpro-id-sql-injection(45487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45487" + }, + { + "name": "4596", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4596" + }, + { + "name": "6596", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6596" + }, + { + "name": "31445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31445" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5670.json b/2008/5xxx/CVE-2008-5670.json index 6b0ef1869a1..1ede6fc5049 100644 --- a/2008/5xxx/CVE-2008-5670.json +++ b/2008/5xxx/CVE-2008-5670.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080204 [DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487483/100/200/threaded" - }, - { - "name" : "27606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27606" - }, - { - "name" : "28793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28793" - }, - { - "name" : "4786", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during 
a password reset, which makes it easier for remote attackers to change a password after hijacking a session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28793" + }, + { + "name": "27606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27606" + }, + { + "name": "20080204 [DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487483/100/200/threaded" + }, + { + "name": "4786", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4786" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0090.json b/2013/0xxx/CVE-2013-0090.json index ff10583cf1f..70317783efa 100644 --- a/2013/0xxx/CVE-2013-0090.json +++ b/2013/0xxx/CVE-2013-0090.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer CCaret Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40935", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40935/" - }, - { - "name" : "http://blog.skylined.nl/20161216001.html", - "refsource" : "MISC", - "url" : "http://blog.skylined.nl/20161216001.html" - }, - { - "name" : "http://packetstormsecurity.com/files/140186/Microsoft-Internet-Explorer-9-IEFRAME-CView-EnsureSize-Use-After-Free.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140186/Microsoft-Internet-Explorer-9-IEFRAME-CView-EnsureSize-Use-After-Free.html" - }, - { - "name" : "MS13-021", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021" - }, - { - "name" : "TA13-071A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A" - }, - { - "name" : "oval:org.mitre.oval:def:16049", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer CCaret Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40935", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40935/" + }, + { + "name": "http://packetstormsecurity.com/files/140186/Microsoft-Internet-Explorer-9-IEFRAME-CView-EnsureSize-Use-After-Free.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140186/Microsoft-Internet-Explorer-9-IEFRAME-CView-EnsureSize-Use-After-Free.html" + }, + { + "name": "oval:org.mitre.oval:def:16049", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16049" + }, + { + "name": "TA13-071A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A" + }, + { + "name": "MS13-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021" + }, + { + "name": "http://blog.skylined.nl/20161216001.html", + "refsource": "MISC", + "url": "http://blog.skylined.nl/20161216001.html" + } + ] + } +} \ No newline at end of file 
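Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secure@microsoft.com` in this record, and again in the CVE-2013-3148.json hunk, while `vendor_name`, `product_name` and `version_value` under `affects` all stay `"n/a"` even though the description names Microsoft Internet Explorer 6 through 10. Anything that matches records to assets through the structured `affects` fields will miss both entries and has to fall back to parsing the description text. If the sync tooling knows the vendor and product, filling them in (for example `"vendor_name": "Microsoft"`, a value constructed here from the description) would close that gap. The commit subject "-Synchronized-Data." does not mention the reassignment, so consumers that attribute records by `ASSIGNER` should expect the value to move between syncs.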
diff --git a/2013/3xxx/CVE-2013-3148.json b/2013/3xxx/CVE-2013-3148.json index 5cbc1e5c8f1..7fe9e05abae 100644 --- a/2013/3xxx/CVE-2013-3148.json +++ b/2013/3xxx/CVE-2013-3148.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3153." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-055", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" - }, - { - "name" : "TA13-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A" - }, - { - "name" : "oval:org.mitre.oval:def:17034", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 10 allows remote 
attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3153." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-055", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" + }, + { + "name": "TA13-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-190A" + }, + { + "name": "oval:org.mitre.oval:def:17034", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17034" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3350.json b/2013/3xxx/CVE-2013-3350.json index 94defb9552f..438889f2886 100644 --- a/2013/3xxx/CVE-2013-3350.json +++ b/2013/3xxx/CVE-2013-3350.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-3350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h", - "refsource" : "MISC", - "url" : "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-19.html" - }, - { - "name" : "1028757", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion 10 before Update 11 
allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-19.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-19.html" + }, + { + "name": "1028757", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028757" + }, + { + "name": "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h", + "refsource": "MISC", + "url": "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4072.json b/2013/4xxx/CVE-2013-4072.json index 90902b59147..5f293ff241c 100644 --- a/2013/4xxx/CVE-2013-4072.json +++ b/2013/4xxx/CVE-2013-4072.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4072", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4072", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4758.json b/2013/4xxx/CVE-2013-4758.json index fed8b706498..f22fdc7926b 100644 --- a/2013/4xxx/CVE-2013-4758.json +++ b/2013/4xxx/CVE-2013-4758.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130705 LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/05/2" - }, - { - "name" : "http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/", - "refsource" : "CONFIRM", - "url" : "http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/" - }, - { - "name" : "http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/", - "refsource" : "CONFIRM", - "url" : "http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130705 LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/05/2" + }, + { + "name": "http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/", + "refsource": "CONFIRM", + "url": "http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/" + }, + { + "name": "http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/", + "refsource": "CONFIRM", + "url": "http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4881.json b/2013/4xxx/CVE-2013-4881.json index 630e51ca714..de9df999eb4 100644 --- a/2013/4xxx/CVE-2013-4881.json +++ b/2013/4xxx/CVE-2013-4881.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130807 Multiple Vulnerabilities in BigTree CMS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-08/0039.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23165", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23165" - }, - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834", - "refsource" : "CONFIRM", - "url" : "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834" - }, - { - "name" : "96009", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96009" - }, - { - "name" : 
"bigtreecms-cve20134881-csrf(86286)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834", + "refsource": "CONFIRM", + "url": "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834" + }, + { + "name": "96009", + "refsource": "OSVDB", + "url": "http://osvdb.org/96009" + }, + { + "name": "bigtreecms-cve20134881-csrf(86286)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86286" + }, + { + "name": "20130807 Multiple Vulnerabilities in BigTree CMS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0039.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23165", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23165" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4901.json b/2013/4xxx/CVE-2013-4901.json index a249dcefaeb..5a6f77c392d 100644 --- a/2013/4xxx/CVE-2013-4901.json +++ b/2013/4xxx/CVE-2013-4901.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4901", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4901", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6296.json b/2013/6xxx/CVE-2013-6296.json index 68bd4d132f6..d8a7e074b8b 100644 --- a/2013/6xxx/CVE-2013-6296.json +++ b/2013/6xxx/CVE-2013-6296.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6296", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6296", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6634.json b/2013/6xxx/CVE-2013-6634.json index 9b72317c186..d0f3bef8259 100644 --- a/2013/6xxx/CVE-2013-6634.json +++ b/2013/6xxx/CVE-2013-6634.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=307159", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=307159" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=236563&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=236563&view=revision" - }, - 
{ - "name" : "DSA-2811", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2811" - }, - { - "name" : "openSUSE-SU-2013:1927", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html" - }, - { - "name" : "openSUSE-SU-2013:1933", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html" - }, - { - "name" : "openSUSE-SU-2014:0065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" - }, - { - "name" : "1029442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029442" - }, - { - "name" : "56217", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56217", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56217" + }, + { + "name": "openSUSE-SU-2014:0065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=307159", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=307159" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=236563&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=236563&view=revision" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html" + }, + { + "name": "openSUSE-SU-2013:1933", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html" + }, + { + "name": "DSA-2811", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2811" + }, + { + "name": "openSUSE-SU-2013:1927", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html" + }, + { + "name": "1029442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029442" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6733.json b/2013/6xxx/CVE-2013-6733.json index c3a073dd92e..3a448801005 100644 --- a/2013/6xxx/CVE-2013-6733.json +++ b/2013/6xxx/CVE-2013-6733.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21659419", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21659419" - }, - { - "name" : "ibm-sametime-cve20136733-xss(89396)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified 
vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21659419", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659419" + }, + { + "name": "ibm-sametime-cve20136733-xss(89396)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89396" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6848.json b/2013/6xxx/CVE-2013-6848.json index 0f36d6959b6..d17089ae75c 100644 --- a/2013/6xxx/CVE-2013-6848.json +++ b/2013/6xxx/CVE-2013-6848.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6848", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6848", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7265.json b/2013/7xxx/CVE-2013-7265.json index 21e93a651d0..cc28cf4372f 100644 --- a/2013/7xxx/CVE-2013-7265.json +++ b/2013/7xxx/CVE-2013-7265.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131128 Re: CVE Request: Linux kernel: net: uninitialised memory leakage", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/28/13" - }, - { - "name" : "[oss-security] 20140107 oss-sec: CVE split and a missed file", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/29" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bceaa90240b6019ed73b49965eac7d167610be69", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bceaa90240b6019ed73b49965eac7d167610be69" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1035875", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1035875" - }, - { - "name" : "https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69" - }, - { - "name" : "RHSA-2014:0159", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0159.html" - }, - { - "name" : "SUSE-SU-2014:0459", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html" - }, - { - "name" : "USN-2107-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2107-1" - }, - { - "name" : "USN-2108-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2108-1" - }, - { - "name" : "USN-2113-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2113-1" - }, - { - "name" : "USN-2117-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2117-1" - }, - { - "name" : "USN-2109-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2109-1" - }, - { - "name" : "USN-2110-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2110-1" - }, - { - "name" : "USN-2135-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2135-1" - }, - { - "name" : "USN-2136-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2136-1" - }, - { - "name" : "USN-2138-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2138-1" - }, - { - "name" : "USN-2139-1", - 
"refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2139-1" - }, - { - "name" : "USN-2141-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2141-1" - }, - { - "name" : "55882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55882" - }, - { - "name" : "56036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2135-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2135-1" + }, + { + "name": "RHSA-2014:0159", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0159.html" + }, + { + "name": "USN-2138-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2138-1" + }, + { + "name": "USN-2108-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2108-1" + }, + { + "name": "USN-2113-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2113-1" + }, + { + "name": "USN-2141-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2141-1" + }, + { + "name": "USN-2110-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2110-1" + }, + { + "name": "[oss-security] 20140107 oss-sec: CVE split and a missed file", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/29" + }, + { + 
"name": "USN-2136-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2136-1" + }, + { + "name": "USN-2139-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2139-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4" + }, + { + "name": "https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69" + }, + { + "name": "USN-2117-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2117-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1035875", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035875" + }, + { + "name": "56036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56036" + }, + { + "name": "USN-2109-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2109-1" + }, + { + "name": "SUSE-SU-2014:0459", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html" + }, + { + "name": "USN-2107-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2107-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bceaa90240b6019ed73b49965eac7d167610be69", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bceaa90240b6019ed73b49965eac7d167610be69" + }, + { + "name": "[oss-security] 20131128 Re: CVE Request: Linux kernel: net: uninitialised memory leakage", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/28/13" + }, + { + "name": "55882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55882" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/7xxx/CVE-2013-7315.json b/2013/7xxx/CVE-2013-7315.json index b81e476b1f2..dce2439e4ed 100644 --- a/2013/7xxx/CVE-2013-7315.json +++ b/2013/7xxx/CVE-2013-7315.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130822 CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2013/Aug/154" - }, - { - "name" : "20131102 XXE Injection in Spring Framework", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Nov/14" - }, - { - "name" : "http://www.gopivotal.com/security/cve-2013-4152", - "refsource" : "CONFIRM", - "url" : "http://www.gopivotal.com/security/cve-2013-4152" - }, - { - "name" : "https://jira.springsource.org/browse/SPR-10806", - "refsource" : "CONFIRM", - "url" : "https://jira.springsource.org/browse/SPR-10806" - }, - { - "name" : "DSA-2842", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2842" - }, - { - "name" : "77998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. 
NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.gopivotal.com/security/cve-2013-4152", + "refsource": "CONFIRM", + "url": "http://www.gopivotal.com/security/cve-2013-4152" + }, + { + "name": "20131102 XXE Injection in Spring Framework", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Nov/14" + }, + { + "name": "20130822 CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2013/Aug/154" + }, + { + "name": "DSA-2842", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2842" + }, + { + "name": "77998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77998" + }, + { + "name": "https://jira.springsource.org/browse/SPR-10806", + "refsource": "CONFIRM", + "url": "https://jira.springsource.org/browse/SPR-10806" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10145.json b/2017/10xxx/CVE-2017-10145.json index 43390df69af..e095bfbc9c1 100644 --- a/2017/10xxx/CVE-2017-10145.json +++ b/2017/10xxx/CVE-2017-10145.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java Advanced Management Console: 2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java Advanced Management Console: 2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170720-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170720-0001/" - }, - { - "name" : "99804", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99804" - }, - { - "name" : "1038931", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java Advanced Management Console. 
While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99804", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99804" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" + }, + { + "name": "1038931", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038931" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10789.json b/2017/10xxx/CVE-2017-10789.json index aed7b47ff41..7233bed0213 100644 --- a/2017/10xxx/CVE-2017-10789.json +++ b/2017/10xxx/CVE-2017-10789.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/perl5-dbi/DBD-mysql/issues/110", - "refsource" : "MISC", - "url" : "https://github.com/perl5-dbi/DBD-mysql/issues/110" - }, - { - "name" : "https://github.com/perl5-dbi/DBD-mysql/pull/114", - "refsource" : "MISC", - "url" : "https://github.com/perl5-dbi/DBD-mysql/pull/114" - }, - { - "name" : "https://github.com/perl5-dbi/DBD-mysql/issues/140", - "refsource" : "MISC", - "url" : "https://github.com/perl5-dbi/DBD-mysql/issues/140" - }, - { - "name" : "99364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99364" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99364" + }, + { + "name": "https://github.com/perl5-dbi/DBD-mysql/issues/140", + "refsource": "MISC", + "url": "https://github.com/perl5-dbi/DBD-mysql/issues/140" + }, + { + "name": "https://github.com/perl5-dbi/DBD-mysql/pull/114", + "refsource": "MISC", + "url": "https://github.com/perl5-dbi/DBD-mysql/pull/114" + }, + { + "name": "https://github.com/perl5-dbi/DBD-mysql/issues/110", + "refsource": "MISC", + "url": "https://github.com/perl5-dbi/DBD-mysql/issues/110" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10820.json b/2017/10xxx/CVE-2017-10820.json index 5dd48d22eb2..76da83843f8 100644 --- a/2017/10xxx/CVE-2017-10820.json +++ b/2017/10xxx/CVE-2017-10820.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer of IP Messenger for Win", - "version" : { - "version_data" : [ - { - "version_value" : "4.60 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "H.Shirouzu / Asahi Net, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of IP Messenger for Win", + "version": { + "version_data": [ + { + "version_value": "4.60 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "H.Shirouzu / Asahi Net, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ipmsg.org/ipmsg_dll_vulnerability.html.en", - "refsource" : "MISC", - "url" : "https://ipmsg.org/ipmsg_dll_vulnerability.html.en" - }, - { - "name" : "JVN#86724730", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN86724730/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ipmsg.org/ipmsg_dll_vulnerability.html.en", + "refsource": "MISC", + "url": "https://ipmsg.org/ipmsg_dll_vulnerability.html.en" + }, + { + "name": "JVN#86724730", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN86724730/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10907.json b/2017/10xxx/CVE-2017-10907.json index 05af2da4286..a354185193d 100644 --- a/2017/10xxx/CVE-2017-10907.json +++ b/2017/10xxx/CVE-2017-10907.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OneThird CMS", - "version" : { - "version_data" : [ - { - "version_value" : "Show Off v1.85 and earlier" - }, - { - "version_value" : "Show Off v1.85 en and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "SpiQe Software" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory traversal" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OneThird CMS", + "version": { + "version_data": [ + { + "version_value": "Show Off v1.85 and earlier" + }, + { + "version_value": "Show Off v1.85 en and earlier" + } + ] + } + } + ] + }, + "vendor_name": "SpiQe Software" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://onethird.net/en/p1307.html", - "refsource" : "CONFIRM", - "url" : "https://onethird.net/en/p1307.html" - }, - { - "name" : "JVN#93333702", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN93333702/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. 
Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#93333702", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN93333702/index.html" + }, + { + "name": "https://onethird.net/en/p1307.html", + "refsource": "CONFIRM", + "url": "https://onethird.net/en/p1307.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12240.json b/2017/12xxx/CVE-2017-12240.json index 1c8f0458f3a..364e4fc5705 100644 --- a/2017/12xxx/CVE-2017-12240.json +++ b/2017/12xxx/CVE-2017-12240.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390", - "refsource" : "CONFIRM", - "url" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390" - }, - { - "name" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959", - "refsource" : "CONFIRM", - "url" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959" - }, - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp" - }, - { - "name" : "101034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101034" - }, - { - "name" : "1039445", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. 
The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959", + "refsource": "CONFIRM", + "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959" + }, + { + "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390", + "refsource": "CONFIRM", + "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390" + }, + { + "name": "101034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101034" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp" + }, + { + "name": "1039445", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039445" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12257.json b/2017/12xxx/CVE-2017-12257.json index 68ccdc06eaa..eb5403415f0 100644 --- a/2017/12xxx/CVE-2017-12257.json +++ b/2017/12xxx/CVE-2017-12257.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx Meetings Server", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco WebEx Meetings Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx Meetings Server", + "version": { + "version_data": [ + { + "version_value": "Cisco WebEx Meetings Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms" - }, - { - "name" : "101167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms" + }, + { + "name": "101167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101167" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12513.json b/2017/12xxx/CVE-2017-12513.json index 983ec4f4c3a..738123e3eee 100644 --- a/2017/12xxx/CVE-2017-12513.json +++ b/2017/12xxx/CVE-2017-12513.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12772.json b/2017/12xxx/CVE-2017-12772.json index 1b387427481..c36e55147bc 100644 --- a/2017/12xxx/CVE-2017-12772.json +++ b/2017/12xxx/CVE-2017-12772.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12772", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12772", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13056.json b/2017/13xxx/CVE-2017-13056.json index 6305b98a228..653ca5d2f83 100644 --- a/2017/13xxx/CVE-2017-13056.json +++ b/2017/13xxx/CVE-2017-13056.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13057.json b/2017/13xxx/CVE-2017-13057.json index f466cc805fb..75d3399227b 100644 --- a/2017/13xxx/CVE-2017-13057.json +++ b/2017/13xxx/CVE-2017-13057.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13057", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13057", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13833.json b/2017/13xxx/CVE-2017-13833.json index 09819bcdac7..434a88978b0 100644 --- a/2017/13xxx/CVE-2017-13833.json +++ b/2017/13xxx/CVE-2017-13833.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"CFNetwork\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "https://support.apple.com/HT208331", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208331" - }, - { - "name" : "102100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102100" - }, - { - "name" : "1039952", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039952" - }, - { - "name" : "1039953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039953" - }, - { - "name" : "1039966", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id/1039966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"CFNetwork\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "https://support.apple.com/HT208331", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208331" + }, + { + "name": "1039966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039966" + }, + { + "name": "1039953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039953" + }, + { + "name": "1039952", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039952" + }, + { + "name": "102100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102100" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17720.json b/2017/17xxx/CVE-2017-17720.json index f3397cb3e41..2869c154c30 100644 --- a/2017/17xxx/CVE-2017-17720.json +++ b/2017/17xxx/CVE-2017-17720.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17720", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17720", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0704.json b/2018/0xxx/CVE-2018-0704.json index a7db6e36082..a069184aa50 100644 --- a/2018/0xxx/CVE-2018-0704.json +++ b/2018/0xxx/CVE-2018-0704.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Office", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0 to 10.8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory traversal" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Office", + "version": { + "version_data": [ + { + "version_value": "10.0.0 to 10.8.1" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.cybozu.support/article/34091/", - "refsource" : "MISC", - "url" : "https://kb.cybozu.support/article/34091/" - }, - { - "name" : "JVN#15232217", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN15232217/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#15232217", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN15232217/index.html" + }, + { + "name": "https://kb.cybozu.support/article/34091/", + "refsource": "MISC", + "url": "https://kb.cybozu.support/article/34091/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18252.json b/2018/18xxx/CVE-2018-18252.json index 7842cfa2e85..db957fddd33 100644 --- a/2018/18xxx/CVE-2018-18252.json +++ b/2018/18xxx/CVE-2018-18252.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides \"NT AUTHORITY\\SYSTEM\" access to unprivileged users via the --system option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://improsec.com/tech-blog/cam1", - "refsource" : "MISC", - "url" : "https://improsec.com/tech-blog/cam1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides \"NT AUTHORITY\\SYSTEM\" access to unprivileged users via the --system option." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://improsec.com/tech-blog/cam1", + "refsource": "MISC", + "url": "https://improsec.com/tech-blog/cam1" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18428.json b/2018/18xxx/CVE-2018-18428.json index 526cfc0f7ac..0505412d947 100644 --- a/2018/18xxx/CVE-2018-18428.json +++ b/2018/18xxx/CVE-2018-18428.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45632", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45632/" - }, - { - "name" : "https://packetstormsecurity.com/files/149843", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/149843" - }, - { - "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php", - "refsource" : "MISC", - "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php", + "refsource": "MISC", + "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php" + }, + { + "name": "https://packetstormsecurity.com/files/149843", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/149843" + }, + { + "name": "45632", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45632/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18488.json b/2018/18xxx/CVE-2018-18488.json index 0be148a380a..9b6c6cc0134 100644 --- a/2018/18xxx/CVE-2018-18488.json +++ b/2018/18xxx/CVE-2018-18488.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In \\lib\\admin\\action\\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunu11.com/2018/10/18/glxcms/", - "refsource" : "MISC", - "url" : "http://sunu11.com/2018/10/18/glxcms/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In \\lib\\admin\\action\\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sunu11.com/2018/10/18/glxcms/", + "refsource": "MISC", + "url": "http://sunu11.com/2018/10/18/glxcms/" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/18xxx/CVE-2018-18910.json b/2018/18xxx/CVE-2018-18910.json index a4e7ea86533..a6845e95568 100644 --- a/2018/18xxx/CVE-2018-18910.json +++ b/2018/18xxx/CVE-2018-18910.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18910", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18910", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19017.json b/2018/19xxx/CVE-2018-19017.json index d01f80f103f..509febbfda9 100644 --- a/2018/19xxx/CVE-2018-19017.json +++ b/2018/19xxx/CVE-2018-19017.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2019-01-17T00:00:00", - "ID" : "CVE-2018-19017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CX-Supervisor", - "version" : { - "version_data" : [ - { - "version_value" : "Versions 3.42 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "USE AFTER FREE CWE-416" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2019-01-17T00:00:00", + "ID": "CVE-2018-19017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CX-Supervisor", + "version": { + "version_data": [ + { + "version_value": "Versions 3.42 and prior" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01" - }, - { - "name" : "106654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE AFTER FREE CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106654" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19052.json b/2018/19xxx/CVE-2018-19052.json index cb062bd6044..279a79a9680 100644 --- a/2018/19xxx/CVE-2018-19052.json +++ b/2018/19xxx/CVE-2018-19052.json 
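Review bot: `vendor_name` in this record is `ICS-CERT`, which matches the assigner (`ics-cert@hq.dhs.gov`) rather than a vendor of `CX-Supervisor`, so vulnerability matching keyed on vendor and product will likely miss affected installations. If the record is regenerated, `vendor_name` should name the product's vendor, and the CNA should appear only in `CVE_data_meta.ASSIGNER`. `version_value` is also free text (`Versions 3.42 and prior`), which cannot be range-compared without parsing. Both values predate this commit, which only reformats them and reorders the references.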
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1", - "refsource" : "MISC", - "url" : "https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. 
There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1", + "refsource": "MISC", + "url": "https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19933.json b/2018/19xxx/CVE-2018-19933.json index 072aa992d03..bed672bbb95 100644 --- a/2018/19xxx/CVE-2018-19933.json +++ b/2018/19xxx/CVE-2018-19933.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46014", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46014/" - }, - { - "name" : "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting", - "refsource" : "MISC", - "url" : "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting" - }, - { - "name" : "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html", - "refsource" : "MISC", - "url" : "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46014", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46014/" + }, + { + "name": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting", + "refsource": "MISC", + "url": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting" + }, + { + "name": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html", + "refsource": "MISC", + "url": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1118.json b/2018/1xxx/CVE-2018-1118.json index 8302bf44786..3c7912ec6d5 100644 --- a/2018/1xxx/CVE-2018-1118.json +++ b/2018/1xxx/CVE-2018-1118.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-1118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "vhost", - "version" : { - "version_data" : [ - { - "version_value" : "since 4.8" - } - ] - } - } - ] - }, - "vendor_name" : "kernel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "2.3/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-665" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-1118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vhost", + "version": { + "version_data": [ + { + "version_value": "since 4.8" + } + ] + } + } + ] + }, + "vendor_name": "kernel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118" - }, - { - "name" : "RHSA-2018:2948", - "refsource" : "REDHAT", - 
"url" : "https://access.redhat.com/errata/RHSA-2018:2948" - }, - { - "name" : "RHSA-2018:3083", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3083" - }, - { - "name" : "RHSA-2018:3096", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3096" - }, - { - "name" : "USN-3762-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3762-1/" - }, - { - "name" : "USN-3762-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3762-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "2.3/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-665" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3083", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3083" + }, + { + "name": "USN-3762-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3762-1/" + }, + { + "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" + }, + { + "name": "RHSA-2018:2948", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2948" + }, + { + "name": "USN-3762-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3762-2/" + }, + { + "name": "RHSA-2018:3096", 
+ "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3096" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1711.json b/2018/1xxx/CVE-2018-1711.json index ab7b4252211..611a4f13f23 100644 --- a/2018/1xxx/CVE-2018-1711.json +++ b/2018/1xxx/CVE-2018-1711.json 
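Review bot: The `vectorString` under `impact.cvss` on the new side is `2.3/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N`, which is not a parseable CVSS v3.0 vector because a number, apparently the base score, is prepended to the `CVSS:3.0/` prefix. Triage tooling that passes this field to a CVSS parser will reject it or lose the score, so the record should carry the vector alone, `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"`, with the score in its own field such as `"baseScore": 2.3`. The CVE-2018-1711 hunk that follows uses a different `impact.cvssv3` layout with `"SCORE": "8.400"` as a string, so consumers have to handle both shapes. This hunk also changes `ASSIGNER` to `secalert@redhat.com`, a data change that is easy to miss among the whitespace-only lines.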
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-09-18T00:00:00", - "ID" : "CVE-2018-1711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DB2 for Linux, UNIX and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "9.7" - }, - { - "version_value" : "11.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "L", - "AV" : "L", - "C" : "H", - "I" : "H", - "PR" : "N", - "S" : "U", - "SCORE" : "8.400", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-09-18T00:00:00", + "ID": "CVE-2018-1711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DB2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_value": "10.5" + }, + { + "version_value": "10.1" + }, + { + "version_value": "9.7" + }, + { + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729983", - "refsource" : "CONFIRM", - "url" : 
"https://www.ibm.com/support/docview.wss?uid=ibm10729983" - }, - { - "name" : "105390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105390" - }, - { - "name" : "1042175", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042175" - }, - { - "name" : "ibm-db2-cve20181711-priv-escalation(146369)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/146369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "AV": "L", + "C": "H", + "I": "H", + "PR": "N", + "S": "U", + "SCORE": "8.400", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105390" + }, + { + "name": "1042175", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042175" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10729983", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729983" + }, + { + "name": "ibm-db2-cve20181711-priv-escalation(146369)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146369" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5495.json b/2018/5xxx/CVE-2018-5495.json index 433fef07009..c7b3ab0b1c4 100644 --- a/2018/5xxx/CVE-2018-5495.json 
+++ b/2018/5xxx/CVE-2018-5495.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@netapp.com", - "ID" : "CVE-2018-5495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "StorageGRID Webscale", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "NetApp" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@netapp.com", + "ID": "CVE-2018-5495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "StorageGRID Webscale", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "NetApp" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.netapp.com/advisory/ntap-20181114-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181114-0001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20181114-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181114-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5763.json b/2018/5xxx/CVE-2018-5763.json index 31648583a16..e3186bd4302 100644 --- a/2018/5xxx/CVE-2018-5763.json +++ b/2018/5xxx/CVE-2018-5763.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://oxidforge.org/en/security-bulletin-2018-001.html", - "refsource" : "CONFIRM", - "url" : "https://oxidforge.org/en/security-bulletin-2018-001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. 
This is only valid if OXID High Performance Option is activated and Varnish is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://oxidforge.org/en/security-bulletin-2018-001.html", + "refsource": "CONFIRM", + "url": "https://oxidforge.org/en/security-bulletin-2018-001.html" + } + ] + } +} \ No newline at end of file