diff --git a/2001/0xxx/CVE-2001-0146.json b/2001/0xxx/CVE-2001-0146.json index 270f93d0ec1..8100bbeda7e 100644 --- a/2001/0xxx/CVE-2001-0146.json +++ b/2001/0xxx/CVE-2001-0146.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-014", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-014" - }, - { - "name" : "VU#796584", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/796584" - }, - { - "name" : "2440", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2440" - }, - { - "name" : "2441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2441" - }, - { - "name" : "iis-malformed-url-dos(6171)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6171" - }, - { - "name" : "exchange-malformed-url-dos(6172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-014", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-014" + }, + { + "name": "exchange-malformed-url-dos(6172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6172" + }, + { + "name": "2440", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2440" + }, + { + "name": "iis-malformed-url-dos(6171)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6171" + }, + { + "name": "2441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2441" + }, + { + "name": "VU#796584", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/796584" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0304.json b/2001/0xxx/CVE-2001-0304.json index 2ec089108b0..84561f9424c 100644 --- a/2001/0xxx/CVE-2001-0304.json +++ b/2001/0xxx/CVE-2001-0304.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a \"\\..\" (dot dot) in a URL request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010216 Vulnerability in Resin Webserver", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98229372610440&w=2" - }, - { - "name" : "2384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a \"\\..\" (dot dot) in a URL request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010216 Vulnerability in Resin Webserver", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98229372610440&w=2" + }, + { + "name": "2384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2384" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0321.json b/2001/0xxx/CVE-2001-0321.json index c1d733bc327..82562f674e3 100644 --- a/2001/0xxx/CVE-2001-0321.json +++ b/2001/0xxx/CVE-2001-0321.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010212 Fwd: Re: phpnuke, security problem...", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html" - }, - { - "name" : "phpnuke-opendir-read-files(6512)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010212 Fwd: Re: phpnuke, security problem...", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html" + }, + { + "name": "phpnuke-opendir-read-files(6512)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6512" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0517.json b/2001/0xxx/CVE-2001-0517.json index f53079c8403..f9733181dc1 100644 --- a/2001/0xxx/CVE-2001-0517.json +++ b/2001/0xxx/CVE-2001-0517.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise82.php" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf" - }, - { - "name" : "oracle-listener-data-transport-dos(6715)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6715" - }, - { - "name" : "5590", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise82.php" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf" + }, + { + "name": "5590", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5590" + }, + { + "name": "oracle-listener-data-transport-dos(6715)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6715" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0603.json b/2001/0xxx/CVE-2001-0603.json index c8a5e11ce93..d08d6dce1a1 100644 --- a/2001/0xxx/CVE-2001-0603.json +++ b/2001/0xxx/CVE-2001-0603.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010411 def-2001-20: Lotus Domino Multiple DoS ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html" - }, - { - "name" : "lotus-domino-corba-dos(6350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-domino-corba-dos(6350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6350" + }, + { + "refsource": "BUGTRAQ", + "name": "20010411 def-2001-20: Lotus Domino Multiple DoS", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0322.json b/2008/0xxx/CVE-2008-0322.json index 065c16932f4..077707e82f6 100644 --- a/2008/0xxx/CVE-2008-0322.json +++ b/2008/0xxx/CVE-2008-0322.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the \"\\\\.\\I2OExc\" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080512 Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=699" - }, - { - "name" : "29171", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29171" - }, - { - "name" : "ADV-2008-1476", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1476/references" - }, - { - "name" : "1020006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020006" - }, - { - "name" : "30203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30203" - }, - { - "name" : "win-i2omgmt-code-execution(42358)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the \"\\\\.\\I2OExc\" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020006" + }, + { + "name": "ADV-2008-1476", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1476/references" + }, + { + "name": "win-i2omgmt-code-execution(42358)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42358" + }, + { + "name": "20080512 Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=699" + }, + { + "name": "30203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30203" + }, + { + "name": "29171", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29171" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0408.json b/2008/0xxx/CVE-2008-0408.json index 57539cb91f0..59e4b08ef14 100644 --- a/2008/0xxx/CVE-2008-0408.json +++ b/2008/0xxx/CVE-2008-0408.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486874/100/0/threaded" - }, - { - "name" : "http://www.rejetto.com/hfs/?f=wn", - "refsource" : "MISC", - "url" : "http://www.rejetto.com/hfs/?f=wn" - }, - { - "name" : "http://www.syhunt.com/advisories/hfs-1-username.txt", - "refsource" : "MISC", - "url" : "http://www.syhunt.com/advisories/hfs-1-username.txt" - }, - { - "name" : "http://www.syhunt.com/advisories/hfshack.txt", - "refsource" : "MISC", - "url" : "http://www.syhunt.com/advisories/hfshack.txt" - }, - { - "name" : "27423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27423" - }, - { - "name" : "28631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28631" - }, - { - "name" : "3582", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3582" - }, - { - "name" : "hfs-unspecified-log-injection(39876)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hfs-unspecified-log-injection(39876)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39876" + }, + { + "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded" + }, + { + "name": "http://www.rejetto.com/hfs/?f=wn", + "refsource": "MISC", + "url": "http://www.rejetto.com/hfs/?f=wn" + }, + { + "name": "27423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27423" + }, + { + "name": "http://www.syhunt.com/advisories/hfs-1-username.txt", + "refsource": "MISC", + "url": "http://www.syhunt.com/advisories/hfs-1-username.txt" + }, + { + "name": "http://www.syhunt.com/advisories/hfshack.txt", + "refsource": "MISC", + "url": "http://www.syhunt.com/advisories/hfshack.txt" + }, + { + "name": "28631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28631" + }, + { + "name": "3582", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3582" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0951.json b/2008/0xxx/CVE-2008-0951.json index b6481172ecb..479e00f2ea0 100644 --- a/2008/0xxx/CVE-2008-0951.json +++ b/2008/0xxx/CVE-2008-0951.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2008-0951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS08-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038" - }, - { - "name" : "VU#889747", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/889747" - }, - { - "name" : "28360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28360" - }, - { - "name" : "ADV-2008-0954", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0954/references" - }, - { - "name" : "1020446", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020446" - }, - { - "name" : "29458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29458" - }, - { - "name" : "vista-nodrivetypeautorun-weak-security(41349)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vista-nodrivetypeautorun-weak-security(41349)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41349" + }, + { + "name": "28360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28360" + }, + { + "name": "VU#889747", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/889747" + }, + { + "name": "1020446", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020446" + }, + { + "name": "MS08-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038" + }, + { + "name": "ADV-2008-0954", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0954/references" + }, + { + "name": "29458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29458" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1207.json b/2008/1xxx/CVE-2008-1207.json index 519ee63d005..0eb88a9b935 100644 --- a/2008/1xxx/CVE-2008-1207.json +++ b/2008/1xxx/CVE-2008-1207.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repository, as used in multiple Fujitsu Interstage products, allow remote attackers to cause a denial of service (daemon crash) via (1) an invalid request or (2) a large amount of data sent to the registered attribute value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200801e.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200801e.html" - }, - { - "name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200802e.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200802e.html" - }, - { - "name" : "28114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28114" - }, - { - "name" : "ADV-2008-0786", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0786" - }, - { - "name" : "29250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29250" - }, - { - "name" : "interstage-smartrepository-update-dos(41041)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41041" - }, - { - "name" : "interstage-smart-repository-dos(41039)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repository, as used in multiple Fujitsu Interstage products, allow remote attackers to cause a denial of service (daemon crash) via (1) an invalid request or (2) a large amount of data sent to the registered attribute value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "interstage-smart-repository-dos(41039)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41039" + }, + { + "name": "interstage-smartrepository-update-dos(41041)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41041" + }, + { + "name": "29250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29250" + }, + { + "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200801e.html", + "refsource": "CONFIRM", + "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200801e.html" + }, + { + "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200802e.html", + "refsource": "CONFIRM", + "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200802e.html" + }, + { + "name": "ADV-2008-0786", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0786" + }, + { + "name": "28114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28114" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1318.json b/2008/1xxx/CVE-2008-1318.json index fd3f275c355..932430ae8db 100644 --- a/2008/1xxx/CVE-2008-1318.json +++ b/2008/1xxx/CVE-2008-1318.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive \"cross-site\" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20080307 MediaWiki 1.11.2 released (security)", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html" - }, - { - "name" : "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES", - "refsource" : "CONFIRM", - "url" : "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES" - }, - { - "name" : "28070", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28070" - }, - { - "name" : "ADV-2008-0732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0732/references" - }, - { - "name" : "1019535", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019535" - }, - { - "name" : "29216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29216" - }, - { - "name" : "mediawiki-jsoncallbacks-info-disclosure(40960)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive \"cross-site\" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28070" + }, + { + "name": "29216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29216" + }, + { + "name": "[MediaWiki-announce] 20080307 MediaWiki 1.11.2 released (security)", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html" + }, + { + "name": "mediawiki-jsoncallbacks-info-disclosure(40960)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40960" + }, + { + "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES", + "refsource": "CONFIRM", + "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES" + }, + { + "name": "1019535", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019535" + }, + { + "name": "ADV-2008-0732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0732/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1803.json b/2008/1xxx/CVE-2008-1803.json index caf0fd5cc03..e4bccc85d9b 100644 --- a/2008/1xxx/CVE-2008-1803.json +++ b/2008/1xxx/CVE-2008-1803.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080507 Multiple Vendor rdesktop channel_process() Integer Signedness Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=698" - }, - { - "name" : "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/rdesktop.c?r1=1.161&r2=1.162&pathrev=HEAD", - "refsource" : "CONFIRM", - "url" : "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/rdesktop.c?r1=1.161&r2=1.162&pathrev=HEAD" - }, - { - "name" : "http://sourceforge.net/mailarchive/message.php?msg_name=20080511065217.GA24455%40cse.unsw.EDU.AU", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_name=20080511065217.GA24455%40cse.unsw.EDU.AU" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm" - }, - { - "name" : "DSA-1573", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1573" - }, - { - "name" : "FEDORA-2008-3886", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00244.html" - }, - { - "name" : "FEDORA-2008-3917", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00270.html" - }, - { - "name" : "FEDORA-2008-3985", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00296.html" - }, - { - "name" : "GLSA-200806-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200806-04.xml" - }, - { - "name" : "MDVSA-2008:101", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:101" - }, - { - "name" : "RHSA-2008:0575", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0575.html" - }, - { - "name" : "240708", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240708-1" - }, - { - "name" : "USN-646-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-646-1" - }, - { - "name" : "29097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29097" - }, - { - "name" : "oval:org.mitre.oval:def:9800", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9800" - }, - { - "name" : "ADV-2008-1467", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1467/references" - }, - { - "name" : "ADV-2008-2403", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2403" - }, - { - "name" : "1019992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019992" - }, - { - "name" : "30118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30118" - }, - { - "name" : "30248", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30248" - }, - { - "name" : "30713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30713" - }, - { - "name" : "31224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31224" - }, - { - "name" : "31928", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31928" - }, - { - "name" : "rdesktop-xrealloc-bo(42277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31224" + }, + { + "name": "rdesktop-xrealloc-bo(42277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42277" + }, + { + "name": "30118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30118" + }, + { + "name": "USN-646-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-646-1" + }, + { + "name": "GLSA-200806-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200806-04.xml" + }, + { + "name": "FEDORA-2008-3917", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00270.html" + }, + { + "name": "30713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30713" + }, + { + "name": "DSA-1573", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1573" + }, + { + "name": "1019992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019992" + }, + { + "name": "FEDORA-2008-3886", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00244.html" + }, + { + "name": "20080507 Multiple Vendor rdesktop channel_process() Integer Signedness Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=698" + }, + { + "name": "ADV-2008-2403", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2403" + }, + { + "name": "FEDORA-2008-3985", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00296.html" + }, + { + "name": "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/rdesktop.c?r1=1.161&r2=1.162&pathrev=HEAD", + "refsource": "CONFIRM", + "url": "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/rdesktop.c?r1=1.161&r2=1.162&pathrev=HEAD" + }, + { + "name": "29097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29097" + }, + { + "name": "240708", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240708-1" + }, + { + "name": "ADV-2008-1467", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1467/references" + }, + { + "name": "oval:org.mitre.oval:def:9800", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9800" + }, + { + "name": "MDVSA-2008:101", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:101" + }, + { + "name": "http://sourceforge.net/mailarchive/message.php?msg_name=20080511065217.GA24455%40cse.unsw.EDU.AU", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/mailarchive/message.php?msg_name=20080511065217.GA24455%40cse.unsw.EDU.AU" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm" + }, + { + "name": "RHSA-2008:0575", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0575.html" + }, + { + "name": "30248", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30248" + }, + { + "name": "31928", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31928" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1809.json b/2008/1xxx/CVE-2008-1809.json index ee2a2524aa6..934b80eb345 100644 --- a/2008/1xxx/CVE-2008-1809.json +++ b/2008/1xxx/CVE-2008-1809.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing \"NULL search parameters.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080709 Novell eDirectory LDAP Search Request Heap Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=724" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=3843876", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=3843876" - }, - { - "name" : "30175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30175" - }, - { - "name" : "ADV-2008-2062", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2062/references" - }, - { - "name" : "1020470", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020470" - }, - { - "name" : "31036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31036" - }, - { - "name" : "novell-edirectory-ldap-bo(43716)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing \"NULL search parameters.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30175" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=3843876", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=3843876" + }, + { + "name": "1020470", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020470" + }, + { + "name": "ADV-2008-2062", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2062/references" + }, + { + "name": "novell-edirectory-ldap-bo(43716)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43716" + }, + { + "name": "20080709 Novell eDirectory LDAP Search Request Heap Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=724" + }, + { + "name": "31036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31036" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1967.json b/2008/1xxx/CVE-2008-1967.json index fb9219dfe1c..1a9610904e8 100644 --- a/2008/1xxx/CVE-2008-1967.json +++ b/2008/1xxx/CVE-2008-1967.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080414 S21SEC-041-en:Cezanne SW Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490842/100/0/threaded" - }, - { - "name" : "http://www.s21sec.com/avisos/s21sec-41-en.txt", - "refsource" : "MISC", - "url" : "http://www.s21sec.com/avisos/s21sec-41-en.txt" - }, - { - "name" : "28774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28774" - }, - { - "name" : "3828", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3828" - }, - { - "name" : "cezanne-cflogon-xss(41813)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28774" + }, + { + "name": "20080414 S21SEC-041-en:Cezanne SW Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490842/100/0/threaded" + }, + { + "name": "http://www.s21sec.com/avisos/s21sec-41-en.txt", + "refsource": "MISC", + "url": "http://www.s21sec.com/avisos/s21sec-41-en.txt" + }, + { + "name": "cezanne-cflogon-xss(41813)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41813" + }, + { + "name": "3828", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3828" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5412.json b/2008/5xxx/CVE-2008-5412.json index b68a0362b2d..4199edc3636 100644 --- a/2008/5xxx/CVE-2008-5412.json +++ b/2008/5xxx/CVE-2008-5412.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PK75248", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK75248" - }, - { - "name" : "32679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32679" - }, - { - "name" : "ADV-2008-3370", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3370" - }, - { - "name" : "33022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33022" - }, - { - "name" : "websphere-jsp-unspecified(47134)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33022" + }, + { + "name": "PK75248", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK75248" + }, + { + "name": "ADV-2008-3370", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3370" + }, + { + "name": "32679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32679" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + }, + { + "name": "websphere-jsp-unspecified(47134)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47134" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5888.json b/2008/5xxx/CVE-2008-5888.json index e42aa9b655c..ece526da4a4 100644 --- a/2008/5xxx/CVE-2008-5888.json +++ b/2008/5xxx/CVE-2008-5888.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in admin.asp); and (5) the PassWord parameter to admin_login.asp (aka the PASSWORD field in admin.asp). NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7486", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7486" - }, - { - "name" : "32854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32854" - }, - { - "name" : "33154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33154" - }, - { - "name" : "4902", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in admin.asp); and (5) the PassWord parameter to admin_login.asp (aka the PASSWORD field in admin.asp). NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4902", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4902" + }, + { + "name": "7486", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7486" + }, + { + "name": "33154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33154" + }, + { + "name": "32854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32854" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0047.json b/2013/0xxx/CVE-2013-0047.json index 8f01989ce7b..ddd37f6870e 100644 --- a/2013/0xxx/CVE-2013-0047.json +++ b/2013/0xxx/CVE-2013-0047.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0047", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0047", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0112.json b/2013/0xxx/CVE-2013-0112.json index 570927d843b..e5a89e13ed8 100644 --- a/2013/0xxx/CVE-2013-0112.json +++ b/2013/0xxx/CVE-2013-0112.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0112", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0112", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0502.json b/2013/0xxx/CVE-2013-0502.json index 2274692b966..cd8c979bdb7 100644 --- a/2013/0xxx/CVE-2013-0502.json +++ b/2013/0xxx/CVE-2013-0502.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21632556", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21632556" - }, - { - "name" : "JR45274", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR45274" - }, - { - "name" : "infosphere-web-console-xss(82233)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR45274", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR45274" + }, + { + "name": "infosphere-web-console-xss(82233)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82233" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21632556", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21632556" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3265.json b/2013/3xxx/CVE-2013-3265.json index 8eca66e267a..933daa48dd3 100644 --- a/2013/3xxx/CVE-2013-3265.json +++ b/2013/3xxx/CVE-2013-3265.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3265", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3265", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3284.json b/2013/3xxx/CVE-2013-3284.json index 523049a4014..3231a350d99 100644 --- a/2013/3xxx/CVE-2013-3284.json +++ b/2013/3xxx/CVE-2013-3284.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3284", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-3284", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4444.json b/2013/4xxx/CVE-2013-4444.json index 995fb8f9372..ccf0566285f 100644 --- a/2013/4xxx/CVE-2013-4444.json +++ b/2013/4xxx/CVE-2013-4444.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140910 CVE-2013-4444 Remote Code Execution in Apache Tomcat", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html" - }, - { - "name" : "[oss-security] 20141024 Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/10/24/12" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" - }, - { - "name" : "DSA-3447", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3447" - }, - { - "name" : "HPSBOV03503", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144498216801440&w=2" - }, - { - "name" : "69728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69728" - }, - { - "name" : "1030834", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69728" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "1030834", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030834" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" + }, + { + "name": "HPSBOV03503", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2" + }, + { + "name": "[oss-security] 20141024 Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/10/24/12" + }, + { + "name": "20140910 CVE-2013-4444 Remote Code Execution in Apache Tomcat", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html" + }, + { + "name": "DSA-3447", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3447" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4815.json b/2013/4xxx/CVE-2013-4815.json index 53e89f3811a..0157c497c8b 100644 --- a/2013/4xxx/CVE-2013-4815.json +++ b/2013/4xxx/CVE-2013-4815.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02923", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03901176" - }, - { - "name" : "SSRT101101", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03901176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101101", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03901176" + }, + { + "name": "HPSBGN02923", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03901176" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4894.json b/2013/4xxx/CVE-2013-4894.json index 0dd32190761..3fcc52b639a 100644 --- a/2013/4xxx/CVE-2013-4894.json +++ b/2013/4xxx/CVE-2013-4894.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4894", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4894", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7173.json b/2013/7xxx/CVE-2013-7173.json index 2de9e08b358..6f3e231180c 100644 --- a/2013/7xxx/CVE-2013-7173.json +++ b/2013/7xxx/CVE-2013-7173.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7173", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7173", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10137.json b/2017/10xxx/CVE-2017-10137.json index d8247a960c2..be71d632d2f 100644 --- a/2017/10xxx/CVE-2017-10137.json +++ b/2017/10xxx/CVE-2017-10137.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebLogic Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "10.3.6.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.3.6.0" + }, + { + "version_affected": "=", + "version_value": "12.1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99634" - }, - { - "name" : "1038939", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038939", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038939" + }, + { + "name": "99634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99634" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12055.json b/2017/12xxx/CVE-2017-12055.json index 2513f095841..37157344f6c 100644 --- a/2017/12xxx/CVE-2017-12055.json +++ b/2017/12xxx/CVE-2017-12055.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12055", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12055", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12412.json b/2017/12xxx/CVE-2017-12412.json index 15261ccde71..fee41ed9103 100644 --- a/2017/12xxx/CVE-2017-12412.json +++ b/2017/12xxx/CVE-2017-12412.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/128", - "refsource" : "CONFIRM", - "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/128" - }, - { - "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", + "refsource": "CONFIRM", + "url": "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0" + }, + { + "name": "https://github.com/cn-uofbasel/ccn-lite/issues/128", + "refsource": "CONFIRM", + "url": "https://github.com/cn-uofbasel/ccn-lite/issues/128" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12570.json b/2017/12xxx/CVE-2017-12570.json index ceb57cc9dea..ece46dea648 100644 --- a/2017/12xxx/CVE-2017-12570.json +++ b/2017/12xxx/CVE-2017-12570.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12570", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12570", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12745.json b/2017/12xxx/CVE-2017-12745.json index 621a91f7662..fe0e50da915 100644 --- a/2017/12xxx/CVE-2017-12745.json +++ b/2017/12xxx/CVE-2017-12745.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12745", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12745", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13029.json b/2017/13xxx/CVE-2017-13029.json index 56196a8b87c..6701e666e0c 100644 --- a/2017/13xxx/CVE-2017-13029.json +++ b/2017/13xxx/CVE-2017-13029.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668bc640f5470d085e5a", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668bc640f5470d085e5a" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668bc640f5470d085e5a", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668bc640f5470d085e5a" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13256.json b/2017/13xxx/CVE-2017-13256.json index 006ad39a7c5..440163e7b0f 100644 --- a/2017/13xxx/CVE-2017-13256.json +++ b/2017/13xxx/CVE-2017-13256.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-13256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-13256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-03-01" - }, - { - "name" : "103253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-03-01" + }, + { + "name": "103253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103253" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13467.json b/2017/13xxx/CVE-2017-13467.json index 018058caf5f..0a3adafa202 100644 --- a/2017/13xxx/CVE-2017-13467.json +++ b/2017/13xxx/CVE-2017-13467.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13467", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13467", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13916.json b/2017/13xxx/CVE-2017-13916.json index 470b8e60e9e..d7a6068a577 100644 --- a/2017/13xxx/CVE-2017-13916.json +++ b/2017/13xxx/CVE-2017-13916.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13916", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13916", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13991.json b/2017/13xxx/CVE-2017-13991.json index f16b406105e..98af37597b1 100644 --- a/2017/13xxx/CVE-2017-13991.json +++ b/2017/13xxx/CVE-2017-13991.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2017-13991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2017-13991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://softwaresupport.hpe.com/km/KM02944672", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.hpe.com/km/KM02944672" - }, - { - "name" : "100935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://softwaresupport.hpe.com/km/KM02944672", + "refsource": "CONFIRM", + "url": "https://softwaresupport.hpe.com/km/KM02944672" + }, + { + "name": "100935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100935" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16233.json b/2017/16xxx/CVE-2017-16233.json index 83a989525ef..12d51e03b08 100644 --- a/2017/16xxx/CVE-2017-16233.json +++ b/2017/16xxx/CVE-2017-16233.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16233", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16233", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16521.json b/2017/16xxx/CVE-2017-16521.json index f263066143e..0b27c569c7c 100644 --- a/2017/16xxx/CVE-2017-16521.json +++ b/2017/16xxx/CVE-2017-16521.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitlab.com/inedo/buildmaster/commit/4f4c737fefe44c3227535946f535fb7ef468d721", - "refsource" : "MISC", - "url" : "https://gitlab.com/inedo/buildmaster/commit/4f4c737fefe44c3227535946f535fb7ef468d721" - }, - { - "name" : "https://inedo.com/blog/buildmaster-582-released", - "refsource" : "MISC", - "url" : "https://inedo.com/blog/buildmaster-582-released" - }, - { - "name" : "https://inedo.com/buildmaster/versions#v5.8", - "refsource" : "MISC", - "url" : "https://inedo.com/buildmaster/versions#v5.8" - }, - { - "name" : "https://inedo.myjetbrains.com/youtrack/issue/BM-3108", - "refsource" : "MISC", - "url" : "https://inedo.myjetbrains.com/youtrack/issue/BM-3108" - }, - { - "name" : "https://inedo.myjetbrains.com/youtrack/issue/EDO-3334", - "refsource" : "MISC", - "url" : "https://inedo.myjetbrains.com/youtrack/issue/EDO-3334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://inedo.myjetbrains.com/youtrack/issue/EDO-3334", + "refsource": "MISC", + "url": "https://inedo.myjetbrains.com/youtrack/issue/EDO-3334" + }, + { + "name": "https://gitlab.com/inedo/buildmaster/commit/4f4c737fefe44c3227535946f535fb7ef468d721", + "refsource": "MISC", + "url": "https://gitlab.com/inedo/buildmaster/commit/4f4c737fefe44c3227535946f535fb7ef468d721" + }, + { + "name": "https://inedo.com/buildmaster/versions#v5.8", + "refsource": "MISC", + "url": "https://inedo.com/buildmaster/versions#v5.8" + }, + { + "name": "https://inedo.myjetbrains.com/youtrack/issue/BM-3108", + "refsource": "MISC", + "url": "https://inedo.myjetbrains.com/youtrack/issue/BM-3108" + }, + { + "name": "https://inedo.com/blog/buildmaster-582-released", + "refsource": "MISC", + "url": "https://inedo.com/blog/buildmaster-582-released" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16603.json b/2017/16xxx/CVE-2017-16603.json index 64b537877c9..3c88b94d98c 100644 --- a/2017/16xxx/CVE-2017-16603.json +++ b/2017/16xxx/CVE-2017-16603.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetGain Systems Enterprise Manager", - "version" : { - "version_data" : [ - { - "version_value" : "7.2.730 build 1034" - } - ] - } - } - ] - }, - "vendor_name" : "NetGain Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.settings.upload_005ffile_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5194." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetGain Systems Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "7.2.730 build 1034" + } + ] + } + } + ] + }, + "vendor_name": "NetGain Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-968", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.settings.upload_005ffile_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5194." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-968", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-968" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17091.json b/2017/17xxx/CVE-2017-17091.json index bb8634a820f..a6b7f406c3d 100644 --- a/2017/17xxx/CVE-2017-17091.json +++ b/2017/17xxx/CVE-2017-17091.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171221 [SECURITY] [DLA 1216-1] wordpress security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00019.html" - }, - { - "name" : "https://codex.wordpress.org/Version_4.9.1", - "refsource" : "MISC", - "url" : "https://codex.wordpress.org/Version_4.9.1" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c", - "refsource" : "MISC", - "url" : "https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c" - }, - { - "name" : "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/", - "refsource" : "MISC", - "url" : "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8969", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8969" - }, - { - "name" : "DSA-4090", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4090" - }, - { - "name" : "102024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4090", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4090" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8969", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8969" + }, + { + "name": "[debian-lts-announce] 20171221 [SECURITY] [DLA 1216-1] wordpress security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00019.html" + }, + { + "name": "102024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102024" + }, + { + "name": "https://codex.wordpress.org/Version_4.9.1", + "refsource": "MISC", + "url": "https://codex.wordpress.org/Version_4.9.1" + }, + { + "name": "https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c", + "refsource": "MISC", + "url": "https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c" + }, + { + "name": "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/", + "refsource": "MISC", + "url": "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17247.json b/2017/17xxx/CVE-2017-17247.json index 8d713b70187..143f1276b96 100644 --- a/2017/17xxx/CVE-2017-17247.json +++ b/2017/17xxx/CVE-2017-17247.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17247", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17247", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17306.json b/2017/17xxx/CVE-2017-17306.json index 8a965aeb6ad..fd0afeb2524 100644 --- a/2017/17xxx/CVE-2017-17306.json +++ b/2017/17xxx/CVE-2017-17306.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VNS-L21", - "version" : { - "version_data" : [ - { - "version_value" : "VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140 have an array out-of-bounds read vulnerability. Due to the lack verification of array, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds of array and possibly cause the device abnormal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "array out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VNS-L21", + "version": { + "version_data": [ + { + "version_value": "VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-arrayover-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-arrayover-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140 have an array out-of-bounds read vulnerability. Due to the lack verification of array, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds of array and possibly cause the device abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "array out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-arrayover-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-arrayover-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17521.json b/2017/17xxx/CVE-2017-17521.json index 9d838ab5788..8eec8e6e40c 100644 --- a/2017/17xxx/CVE-2017-17521.json +++ b/2017/17xxx/CVE-2017-17521.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2017-17521", - "refsource" : "MISC", - "url" : "https://security-tracker.debian.org/tracker/CVE-2017-17521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-tracker.debian.org/tracker/CVE-2017-17521", + "refsource": "MISC", + "url": "https://security-tracker.debian.org/tracker/CVE-2017-17521" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17810.json b/2017/17xxx/CVE-2017-17810.json index 8b4cd969004..97fe2561186 100644 --- a/2017/17xxx/CVE-2017-17810.json +++ b/2017/17xxx/CVE-2017-17810.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Netwide Assembler (NASM) 2.14rc0, there is a \"SEGV on unknown address\" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4", - "refsource" : "MISC", - "url" : "http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4" - }, - { - "name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392431", - "refsource" : "MISC", - "url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392431" - }, - { - "name" : "USN-3694-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3694-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Netwide Assembler (NASM) 2.14rc0, there is a \"SEGV on unknown address\" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392431", + "refsource": "MISC", + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392431" + }, + { + "name": "http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4", + "refsource": "MISC", + "url": "http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4" + }, + { + "name": "USN-3694-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3694-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18295.json b/2018/18xxx/CVE-2018-18295.json index f3feac1ac39..8f4b820b4fa 100644 --- a/2018/18xxx/CVE-2018-18295.json +++ b/2018/18xxx/CVE-2018-18295.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18295", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18295", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18665.json b/2018/18xxx/CVE-2018-18665.json index 8e6bd0735ec..a6691d95595 100644 --- a/2018/18xxx/CVE-2018-18665.json +++ b/2018/18xxx/CVE-2018-18665.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://etherscan.io/address/0x7627de4b93263a6a7570b8dafa64bae812e5c394#code", - "refsource" : "MISC", - "url" : "https://etherscan.io/address/0x7627de4b93263a6a7570b8dafa64bae812e5c394#code" - }, - { - "name" : "https://github.com/NexxusUniversity/nexxuscoin/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/NexxusUniversity/nexxuscoin/issues/2" - }, - { - "name" : "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md", - "refsource" : "MISC", - "url" : "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md", + "refsource": "MISC", + "url": "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md" + }, + { + "name": "https://etherscan.io/address/0x7627de4b93263a6a7570b8dafa64bae812e5c394#code", + "refsource": "MISC", + "url": "https://etherscan.io/address/0x7627de4b93263a6a7570b8dafa64bae812e5c394#code" + }, + { + "name": "https://github.com/NexxusUniversity/nexxuscoin/issues/2", + "refsource": "MISC", + "url": "https://github.com/NexxusUniversity/nexxuscoin/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19002.json b/2018/19xxx/CVE-2018-19002.json index 558c6f24c96..167a8f583d7 100644 --- a/2018/19xxx/CVE-2018-19002.json +++ b/2018/19xxx/CVE-2018-19002.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2019-01-15T00:00:00", - "ID" : "CVE-2018-19002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LCDS Laquis SCADA", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4.1.0.4150" - } - ] - } - } - ] - }, - "vendor_name" : "LCDS" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2019-01-15T00:00:00", + "ID": "CVE-2018-19002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LCDS Laquis SCADA", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4.1.0.4150" + } + ] + } + } + ] + }, + "vendor_name": "LCDS" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01" - }, - { - "name" : "106634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01" + }, + { + "name": "106634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106634" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19463.json b/2018/19xxx/CVE-2018-19463.json index b35b9af52f9..a5d47261c61 100644 --- a/2018/19xxx/CVE-2018-19463.json +++ b/2018/19xxx/CVE-2018-19463.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is \"We have no dynamic including. No one can run PHP by uploading an image in current version.\" It also requires authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/novysodope/Z-BlogPHP1.5Zero/blob/master/Getshell", - "refsource" : "MISC", - "url" : "https://github.com/novysodope/Z-BlogPHP1.5Zero/blob/master/Getshell" - }, - { - "name" : "https://github.com/zblogcn/zblogphp/issues/205", - "refsource" : "CONFIRM", - "url" : "https://github.com/zblogcn/zblogphp/issues/205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is \"We have no dynamic including. No one can run PHP by uploading an image in current version.\" It also requires authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zblogcn/zblogphp/issues/205", + "refsource": "CONFIRM", + "url": "https://github.com/zblogcn/zblogphp/issues/205" + }, + { + "name": "https://github.com/novysodope/Z-BlogPHP1.5Zero/blob/master/Getshell", + "refsource": "MISC", + "url": "https://github.com/novysodope/Z-BlogPHP1.5Zero/blob/master/Getshell" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19661.json b/2018/19xxx/CVE-2018-19661.json index 97a1a068599..547929ccbc6 100644 --- a/2018/19xxx/CVE-2018-19661.json +++ b/2018/19xxx/CVE-2018-19661.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" - }, - { - "name" : "https://github.com/erikd/libsndfile/issues/429", - "refsource" : "MISC", - "url" : "https://github.com/erikd/libsndfile/issues/429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" + }, + { + "name": "https://github.com/erikd/libsndfile/issues/429", + "refsource": "MISC", + "url": "https://github.com/erikd/libsndfile/issues/429" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1318.json b/2018/1xxx/CVE-2018-1318.json index b484d46f427..95313e5f3fd 100644 --- a/2018/1xxx/CVE-2018-1318.json +++ b/2018/1xxx/CVE-2018-1318.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-08-28T00:00:00", - "ID" : "CVE-2018-1318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Traffic Server", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0 to 6.2.2" - }, - { - "version_value" : "7.0.0 to 7.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-08-28T00:00:00", + "ID": "CVE-2018-1318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Traffic Server", + "version": { + "version_data": [ + { + "version_value": "6.0.0 to 6.2.2" + }, + { + "version_value": "7.0.0 to 7.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with method ACLs - CVE-2018-1318", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2@%3Cusers.trafficserver.apache.org%3E" - }, - { - "name" : "https://github.com/apache/trafficserver/pull/3195", - "refsource" : "CONFIRM", - "url" : "https://github.com/apache/trafficserver/pull/3195" - }, - { - "name" : "DSA-4282", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4282" - }, - { - "name" : "105176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/apache/trafficserver/pull/3195", + "refsource": "CONFIRM", + "url": "https://github.com/apache/trafficserver/pull/3195" + }, + { + "name": "105176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105176" + }, + { + "name": "DSA-4282", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4282" + }, + { + "name": "[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with method ACLs - CVE-2018-1318", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2@%3Cusers.trafficserver.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1602.json b/2018/1xxx/CVE-2018-1602.json index 385ac62b879..36ee32c7bed 100644 --- a/2018/1xxx/CVE-2018-1602.json +++ b/2018/1xxx/CVE-2018-1602.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-1602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "5.01" - }, - { - "version_value" : "5.02" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143792." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-1602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "5.01" + }, + { + "version_value": "5.02" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733641", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733641" - }, - { - "name" : "ibm-rqm-cve20181602-xss(143792)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143792." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733641", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733641" + }, + { + "name": "ibm-rqm-cve20181602-xss(143792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143792" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1692.json b/2018/1xxx/CVE-2018-1692.json index d2dcdf0f006..c26f2537dc3 100644 --- a/2018/1xxx/CVE-2018-1692.json +++ b/2018/1xxx/CVE-2018-1692.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-1692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "5.01" - }, - { - "version_value" : "5.02" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145583." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-1692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "5.01" + }, + { + "version_value": "5.02" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078" - }, - { - "name" : "ibm-rqm-cve20181692-xss(145583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145583." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733078", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733078" + }, + { + "name": "ibm-rqm-cve20181692-xss(145583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145583" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1766.json b/2018/1xxx/CVE-2018-1766.json index a0bd5edbbb8..8a3d5e21036 100644 --- a/2018/1xxx/CVE-2018-1766.json +++ b/2018/1xxx/CVE-2018-1766.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-25T00:00:00", - "ID" : "CVE-2018-1766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Team Concert", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "5.01" - }, - { - "version_value" : "5.02" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148620." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-25T00:00:00", + "ID": "CVE-2018-1766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Team Concert", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "5.01" + }, + { + "version_value": "5.02" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737301", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737301" - }, - { - "name" : "ibm-rtc-cve20181766-xss(148620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148620." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rtc-cve20181766-xss(148620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148620" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10737301", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737301" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5058.json b/2018/5xxx/CVE-2018-5058.json index 85dfd7ade2d..4494b397c9c 100644 --- a/2018/5xxx/CVE-2018-5058.json +++ b/2018/5xxx/CVE-2018-5058.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5236.json b/2018/5xxx/CVE-2018-5236.json index 0ae00a03844..bf0e7e50b4f 100644 --- a/2018/5xxx/CVE-2018-5236.json +++ b/2018/5xxx/CVE-2018-5236.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2018-06-20T00:00:00", - "ID" : "CVE-2018-5236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Symantec Endpoint Protection", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 14 RU1 MP1 or 12.1 RU6 MP10" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Race condition" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2018-06-20T00:00:00", + "ID": "CVE-2018-5236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection", + "version": { + "version_data": [ + { + "version_value": "Prior to 14 RU1 MP1 or 12.1 RU6 MP10" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.symantec.com/en_US/article.SYMSA1454.html", - "refsource" : "CONFIRM", - "url" : "https://support.symantec.com/en_US/article.SYMSA1454.html" - }, - { - "name" : "104198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104198" - }, - { - "name" : "1041180", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Race condition" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104198" + }, + { + "name": "1041180", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041180" + }, + { + "name": "https://support.symantec.com/en_US/article.SYMSA1454.html", + "refsource": "CONFIRM", + "url": "https://support.symantec.com/en_US/article.SYMSA1454.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5413.json b/2018/5xxx/CVE-2018-5413.json index 91e3da6f5f5..0218d70ab75 100644 --- a/2018/5xxx/CVE-2018-5413.json +++ b/2018/5xxx/CVE-2018-5413.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2018-5413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SecureSphere", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "13.0" - } - ] - } - } - ] - }, - "vendor_name" : "Imperva" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-250" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2018-5413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SecureSphere", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "13.0" + } + ] + } + } + ] + }, + "vendor_name": "Imperva" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45130", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-250" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45130", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45130" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5463.json b/2018/5xxx/CVE-2018-5463.json index eed10d57003..6d3d977c7f9 100644 --- a/2018/5xxx/CVE-2018-5463.json +++ b/2018/5xxx/CVE-2018-5463.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-04-05T00:00:00", - "ID" : "CVE-2018-5463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA", - "version" : { - "version_data" : [ - { - "version_value" : "4.1.0.3391 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER CHECK OR HANDLING OF EXCEPTIONAL CONDITIONS CWE-703" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-04-05T00:00:00", + "ID": "CVE-2018-5463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA", + "version": { + "version_data": [ + { + "version_value": "4.1.0.3391 and prior" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03" - }, - { - "name" : "103724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER CHECK OR HANDLING OF EXCEPTIONAL CONDITIONS CWE-703" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03" + }, + { + "name": "103724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103724" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5532.json b/2018/5xxx/CVE-2018-5532.json index 699fc4af68a..28c935c7017 100644 --- a/2018/5xxx/CVE-2018-5532.json +++ b/2018/5xxx/CVE-2018-5532.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2018-07-18T00:00:00", - "ID" : "CVE-2018-5532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0" - }, - { - "version_value" : "12.1.0-12.1.2" - }, - { - "version_value" : "11.6.0-11.6.3.1" - }, - { - "version_value" : "11.2.1-11.5.6" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information leakage" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2018-07-18T00:00:00", + "ID": "CVE-2018-5532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", + "version": { + "version_data": [ + { + "version_value": "13.0.0" + }, + { + "version_value": "12.1.0-12.1.2" + }, + { + "version_value": "11.6.0-11.6.3.1" + }, + { + "version_value": "11.2.1-11.5.6" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K48224824", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K48224824" - }, - { - "name" : "1041345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041345" + }, + { + "name": "https://support.f5.com/csp/article/K48224824", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K48224824" + } + ] + } +} \ No newline at end of file