diff --git a/2004/0xxx/CVE-2004-0541.json b/2004/0xxx/CVE-2004-0541.json index 72a6b1c8ef8..66ad1a99de4 100644 --- a/2004/0xxx/CVE-2004-0541.json +++ b/2004/0xxx/CVE-2004-0541.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password (\"pass\" variable)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities" - }, - { - "name" : "FLSA-2006:152809", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA--.shtml" - }, - { - "name" : "GLSA-200406-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml" - }, - { - "name" : "RHSA-2004:242", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-242.html" - }, - { - "name" : "MDKSA-2004:059", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:059" - }, - { - "name" : "2004-0033", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/2004/0033/" - }, - { - "name" : "20040604-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" - }, - { - "name" : "10500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10500" - }, - { - "name" : "oval:org.mitre.oval:def:10722", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10722" - }, - { - "name" : "squid-ntlm-bo(16360)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16360" - }, - { - "name" : "oval:org.mitre.oval:def:980", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password (\"pass\" variable)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10722", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10722" + }, + { + "name": "RHSA-2004:242", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-242.html" + }, + { + "name": "GLSA-200406-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml" + }, + { + "name": "MDKSA-2004:059", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:059" + }, + { + "name": "FLSA-2006:152809", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA--.shtml" + }, + { + "name": "http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities", + "refsource": "MISC", + "url": "http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities" + }, + { + "name": "squid-ntlm-bo(16360)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16360" + }, + { + "name": "10500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10500" + }, + { + "name": "20040604-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" + }, + { + "name": "2004-0033", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/2004/0033/" + }, + { + "name": "oval:org.mitre.oval:def:980", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A980" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0588.json b/2004/0xxx/CVE-2004-0588.json index 3e30cc8f17a..5dc6a6dcee8 100644 --- a/2004/0xxx/CVE-2004-0588.json +++ b/2004/0xxx/CVE-2004-0588.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040611 [SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108781564518287&w=2" - }, - { - "name" : "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html", - "refsource" : "MISC", - "url" : "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html" - }, - { - "name" : "GLSA-200406-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" - }, - { - "name" : "10521", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10521" - }, - { - "name" : "usermin-email-xss(16494)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200406-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" + }, + { + "name": "20040611 [SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108781564518287&w=2" + }, + { + "name": "10521", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10521" + }, + { + "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html", + "refsource": "MISC", + "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html" + }, + { + "name": "usermin-email-xss(16494)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1512.json b/2004/1xxx/CVE-2004-1512.json index 478d1ba140c..ebd4899da55 100644 --- a/2004/1xxx/CVE-2004-1512.json +++ b/2004/1xxx/CVE-2004-1512.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041110 04WebServer Three Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110012542615484&w=2" - }, - { - "name" : "20041115 Re: 04WebServer Three Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110054395311823&w=2" - }, - { - "name" : "http://www.security.org.sg/vuln/04webserver142.html", - "refsource" : "MISC", - "url" : "http://www.security.org.sg/vuln/04webserver142.html" - }, - { - "name" : "http://www.soft3304.net/04WebServer/Security.html", - "refsource" : "CONFIRM", - "url" : "http://www.soft3304.net/04WebServer/Security.html" - }, - { - "name" : "11652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11652" - }, - { - "name" : "13159", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13159/" - }, - { - "name" : "04webserver-error-xss(18033)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11652" + }, + { + "name": "04webserver-error-xss(18033)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18033" + }, + { + "name": "20041110 04WebServer Three Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110012542615484&w=2" + }, + { + "name": "http://www.soft3304.net/04WebServer/Security.html", + "refsource": "CONFIRM", + "url": "http://www.soft3304.net/04WebServer/Security.html" + }, + { + "name": "http://www.security.org.sg/vuln/04webserver142.html", + "refsource": "MISC", + "url": "http://www.security.org.sg/vuln/04webserver142.html" + }, + { + "name": "20041115 Re: 04WebServer Three Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110054395311823&w=2" + }, + { + "name": "13159", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13159/" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1674.json b/2004/1xxx/CVE-2004-1674.json index f2252f135e5..25cd2c69bb0 100644 --- a/2004/1xxx/CVE-2004-1674.json +++ b/2004/1xxx/CVE-2004-1674.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040910 Multiple vulnerabilities in Icewarp Web Mail 5.2.7", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109483971420067&w=2" - }, - { - "name" : "11371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11371" - }, - { - "name" : "12789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12789" - }, - { - "name" : "merak-icewarp-file-deletion(17976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "merak-icewarp-file-deletion(17976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17976" + }, + { + "name": "20040910 Multiple vulnerabilities in Icewarp Web Mail 5.2.7", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109483971420067&w=2" + }, + { + "name": "12789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12789" + }, + { + "name": "11371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11371" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1714.json b/2004/1xxx/CVE-2004-1714.json index 2b77f10106a..968fa460f88 100644 --- a/2004/1xxx/CVE-2004-1714.json +++ b/2004/1xxx/CVE-2004-1714.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040811 BlackICE unprivileged local user attack", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109223751031166&w=2" - }, - { - "name" : "20040811 ISS BlackIce Server Protect Unprivileged User Attack", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.html" - }, - { - "name" : "10915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10915" - }, - { - "name" : "blackice-firewall-dos(16959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040811 ISS BlackIce Server Protect Unprivileged User Attack", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.html" + }, + { + "name": "10915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10915" + }, + { + "name": "20040811 BlackICE unprivileged local user attack", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109223751031166&w=2" + }, + { + "name": "blackice-firewall-dos(16959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16959" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3039.json b/2008/3xxx/CVE-2008-3039.json index 58c55d78e87..f0619b23007 100644 --- a/2008/3xxx/CVE-2008-3039.json +++ b/2008/3xxx/CVE-2008-3039.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/" - }, - { - "name" : "30054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30054" - }, - { - "name" : "damfrontend-sql-injection(43477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/" + }, + { + "name": "30054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30054" + }, + { + "name": "damfrontend-sql-injection(43477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43477" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3415.json b/2008/3xxx/CVE-2008-3415.json index 908ec17cdd6..f4ed5fea062 100644 --- a/2008/3xxx/CVE-2008-3415.json +++ b/2008/3xxx/CVE-2008-3415.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6142", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6142" - }, - { - "name" : "http://www.cmscout.co.za/index.php?page=news&id=29", - "refsource" : "CONFIRM", - "url" : "http://www.cmscout.co.za/index.php?page=news&id=29" - }, - { - "name" : "30385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30385" - }, - { - "name" : "ADV-2008-2218", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2218/references" - }, - { - "name" : "31243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31243" - }, - { - "name" : "4093", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4093" - }, - { - "name" : "cmscout-common-file-include(44017)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31243" + }, + { + "name": "http://www.cmscout.co.za/index.php?page=news&id=29", + "refsource": "CONFIRM", + "url": "http://www.cmscout.co.za/index.php?page=news&id=29" + }, + { + "name": "4093", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4093" + }, + { + "name": "cmscout-common-file-include(44017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44017" + }, + { + "name": "ADV-2008-2218", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2218/references" + }, + { + "name": "30385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30385" + }, + { + "name": "6142", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6142" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3498.json b/2008/3xxx/CVE-2008-3498.json index 300e48fc271..b6f97b2a61e 100644 --- a/2008/3xxx/CVE-2008-3498.json +++ b/2008/3xxx/CVE-2008-3498.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5939", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5939" - }, - { - "name" : "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html", - "refsource" : "MISC", - "url" : "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html" - }, - { - "name" : "29951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29951" - }, - { - "name" : "30752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30752" - }, - { - "name" : "4114", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4114" - }, - { - "name" : "ADV-2008-1948", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1948/references" - }, - { - "name" : "nbill-index-sql-injection(43369)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30752" + }, + { + "name": "5939", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5939" + }, + { + "name": "29951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29951" + }, + { + "name": "4114", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4114" + }, + { + "name": "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html", + "refsource": "MISC", + "url": "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html" + }, + { + "name": "ADV-2008-1948", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1948/references" + }, + { + "name": "nbill-index-sql-injection(43369)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4193.json b/2008/4xxx/CVE-2008-4193.json index 62862372825..710d42ea8f3 100644 --- a/2008/4xxx/CVE-2008-4193.json +++ b/2008/4xxx/CVE-2008-4193.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5718", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5718" - }, - { - "name" : "5827", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5827" - }, - { - "name" : "http://files.altn.com/securitygateway/release/relnotes_en.htm", - "refsource" : "CONFIRM", - "url" : "http://files.altn.com/securitygateway/release/relnotes_en.htm" - }, - { - "name" : "29457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29457" - }, - { - "name" : "1020156", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020156" - }, - { - "name" : "30497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30497" - }, - { - "name" : "4302", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4302" - }, - { - "name" : "ADV-2008-1717", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1717/references" - }, - { - "name" : "securitygateway-webinterface-bo(42769)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5827", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5827" + }, + { + "name": "5718", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5718" + }, + { + "name": "securitygateway-webinterface-bo(42769)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42769" + }, + { + "name": "http://files.altn.com/securitygateway/release/relnotes_en.htm", + "refsource": "CONFIRM", + "url": "http://files.altn.com/securitygateway/release/relnotes_en.htm" + }, + { + "name": "ADV-2008-1717", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1717/references" + }, + { + "name": "30497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30497" + }, + { + "name": "29457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29457" + }, + { + "name": "1020156", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020156" + }, + { + "name": "4302", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4302" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4274.json b/2008/4xxx/CVE-2008-4274.json index ec6bf9a15f2..88fe8cbbdf0 100644 --- a/2008/4xxx/CVE-2008-4274.json +++ b/2008/4xxx/CVE-2008-4274.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4274", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-4274", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4320.json b/2008/4xxx/CVE-2008-4320.json index d0b81ec0458..d2a8909d530 100644 --- a/2008/4xxx/CVE-2008-4320.json +++ b/2008/4xxx/CVE-2008-4320.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.opennms.org/show_bug.cgi?id=2631", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.opennms.org/show_bug.cgi?id=2631" - }, - { - "name" : "http://bugzilla.opennms.org/show_bug.cgi?id=2633", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.opennms.org/show_bug.cgi?id=2633" - }, - { - "name" : "http://bugzilla.opennms.org/show_bug.cgi?id=2634", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.opennms.org/show_bug.cgi?id=2634" - }, - { - "name" : "http://www.opennms.org/documentation/ReleaseNotesUnStable.html#d788e257", - "refsource" : "CONFIRM", - "url" : "http://www.opennms.org/documentation/ReleaseNotesUnStable.html#d788e257" - }, - { - "name" : "31410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31410" - }, - { - "name" : "32019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32019" - }, - { - "name" : "opennms-jacegisecuritycheck-xss(45417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.opennms.org/show_bug.cgi?id=2633", + "refsource": "CONFIRM", + "url": "http://bugzilla.opennms.org/show_bug.cgi?id=2633" + }, + { + "name": "http://bugzilla.opennms.org/show_bug.cgi?id=2634", + "refsource": "CONFIRM", + "url": "http://bugzilla.opennms.org/show_bug.cgi?id=2634" + }, + { + "name": "31410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31410" + }, + { + "name": "32019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32019" + }, + { + "name": "http://bugzilla.opennms.org/show_bug.cgi?id=2631", + "refsource": "CONFIRM", + "url": "http://bugzilla.opennms.org/show_bug.cgi?id=2631" + }, + { + "name": "opennms-jacegisecuritycheck-xss(45417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45417" + }, + { + "name": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html#d788e257", + "refsource": "CONFIRM", + "url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html#d788e257" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4546.json b/2008/4xxx/CVE-2008-4546.json index 527e49bcc72..1d85e12dd69 100644 --- a/2008/4xxx/CVE-2008-4546.json +++ b/2008/4xxx/CVE-2008-4546.json @@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081002 Adobe Flash Player plug-in null pointer dereference and browser crash", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496929/100/0/threaded" - }, - { - "name" : "http://www.mochimedia.com/~matthew/flashcrash/", - "refsource" : "MISC", - "url" : "http://www.mochimedia.com/~matthew/flashcrash/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201101-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "RHSA-2010:0464", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0464.html" - }, - { - "name" : "RHSA-2010:0470", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0470.html" - }, - { - "name" : "SUSE-SR:2008:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" - }, - { - "name" : "SUSE-SA:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "TLSA-2010-19", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" - }, - { - "name" : "TA10-162A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" - }, - { - "name" : "31537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31537" - }, - { - "name" : "oval:org.mitre.oval:def:7187", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187" - }, - { - "name" : "oval:org.mitre.oval:def:16302", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302" - }, - { - "name" : "1024085", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024085" - }, - { - "name" : "1024086", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024086" - }, - { - "name" : "32759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32759" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - "name" : "43026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43026" - }, - { - "name" : "4401", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4401" - }, - { - "name" : "ADV-2010-1453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1453" - }, - { - "name" : "ADV-2010-1421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1421" - }, - { - "name" : "ADV-2010-1432", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1432" - }, - { - "name" : "ADV-2010-1434", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1434" - }, - { - "name" : "ADV-2010-1482", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1482" - }, - { - "name" : "ADV-2010-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1522" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - }, - { - "name" : "ADV-2011-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0192" - }, - { - "name" : "adobe-flash-version-dos(45630)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4401", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4401" + }, + { + "name": "ADV-2011-0192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0192" + }, + { + "name": "ADV-2010-1421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1421" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "RHSA-2010:0464", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + "name": "43026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43026" + }, + { + "name": "ADV-2010-1432", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1432" + }, + { + "name": "GLSA-201101-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" + }, + { + "name": "TA10-162A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" + }, + { + "name": "oval:org.mitre.oval:def:7187", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "1024085", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024085" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "1024086", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024086" + }, + { + "name": "20081002 Adobe Flash Player plug-in null pointer dereference and browser crash", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded" + }, + { + "name": "ADV-2010-1434", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1434" + }, + { + "name": "adobe-flash-version-dos(45630)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630" + }, + { + "name": "TLSA-2010-19", + "refsource": "TURBO", + "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" + }, + { + "name": "http://www.mochimedia.com/~matthew/flashcrash/", + "refsource": "MISC", + "url": "http://www.mochimedia.com/~matthew/flashcrash/" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "SUSE-SA:2010:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" + }, + { + "name": "32759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32759" + }, + { + "name": "RHSA-2010:0470", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html" + }, + { + "name": "ADV-2010-1482", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1482" + }, + { + "name": "oval:org.mitre.oval:def:16302", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "ADV-2010-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1522" + }, + { + "name": "31537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31537" + }, + { + "name": "SUSE-SR:2008:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" + }, + { + "name": "ADV-2010-1453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1453" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4790.json b/2008/4xxx/CVE-2008-4790.json index 7ec0c892073..4dbeb27e6e9 100644 --- a/2008/4xxx/CVE-2008-4790.json +++ b/2008/4xxx/CVE-2008-4790.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read \"files attached to content\" via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081021 CVE req: drupal < 5.11/6.5", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/21/7" - }, - { - "name" : "http://drupal.org/node/318706", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/318706" - }, - { - "name" : "32200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32200" - }, - { - "name" : "32198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32198" - }, - { - "name" : "drupal-uploadmodule-security-bypass(45758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read \"files attached to content\" via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32198" + }, + { + "name": "http://drupal.org/node/318706", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/318706" + }, + { + "name": "32200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32200" + }, + { + "name": "drupal-uploadmodule-security-bypass(45758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45758" + }, + { + "name": "[oss-security] 20081021 CVE req: drupal < 5.11/6.5", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/21/7" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6309.json b/2008/6xxx/CVE-2008-6309.json index ae73fffe127..d74ef4b1497 100644 --- a/2008/6xxx/CVE-2008-6309.json +++ b/2008/6xxx/CVE-2008-6309.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7166", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7166" - }, - { - "name" : "32368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32368" - }, - { - "name" : "32783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32783" - }, - { - "name" : "ADV-2008-3217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3217" - }, - { - "name" : "askpert-index-sql-injection(46732)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32783" + }, + { + "name": "32368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32368" + }, + { + "name": "ADV-2008-3217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3217" + }, + { + "name": "7166", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7166" + }, + { + "name": "askpert-index-sql-injection(46732)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46732" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6370.json b/2008/6xxx/CVE-2008-6370.json index 3d0072aed7a..0dd4fa8a24b 100644 --- a/2008/6xxx/CVE-2008-6370.json +++ b/2008/6xxx/CVE-2008-6370.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7244", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7244" - }, - { - "name" : "32503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32503" - }, - { - "name" : "50317", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50317" - }, - { - "name" : "32903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32903" - }, - { - "name" : "contactmanager-default-xss(46962)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32903" + }, + { + "name": "7244", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7244" + }, + { + "name": "32503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32503" + }, + { + "name": "contactmanager-default-xss(46962)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46962" + }, + { + "name": "50317", + "refsource": "OSVDB", + "url": "http://osvdb.org/50317" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6814.json b/2008/6xxx/CVE-2008-6814.json index 3c8b2ece2ec..482eea41675 100644 --- a/2008/6xxx/CVE-2008-6814.json +++ b/2008/6xxx/CVE-2008-6814.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6868", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6868" - }, - { - "name" : "31981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31981" - }, - { - "name" : "simpleboard-imageupload-file-upload(46223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "simpleboard-imageupload-file-upload(46223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223" + }, + { + "name": "6868", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6868" + }, + { + "name": "31981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31981" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6908.json b/2008/6xxx/CVE-2008-6908.json index adbf59074ae..dea2c7cdecd 100644 --- a/2008/6xxx/CVE-2008-6908.json +++ b/2008/6xxx/CVE-2008-6908.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/348295", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/348295" - }, - { - "name" : "32894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32894" - }, - { - "name" : "50743", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50743" - }, - { - "name" : "services-insecure-hash-weak-security(47458)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50743", + "refsource": "OSVDB", + "url": "http://osvdb.org/50743" + }, + { + "name": "32894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32894" + }, + { + "name": "http://drupal.org/node/348295", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/348295" + }, + { + "name": "services-insecure-hash-weak-security(47458)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7039.json b/2008/7xxx/CVE-2008-7039.json index adb7b1b6601..66413d6d8e8 100644 --- a/2008/7xxx/CVE-2008-7039.json +++ b/2008/7xxx/CVE-2008-7039.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/44/gelato-cms-xss.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/44/gelato-cms-xss.txt" - }, - { - "name" : "27587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27587" - }, - { - "name" : "44310", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44310" - }, - { - "name" : "gelato-comments-xss(40264)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44310", + "refsource": "OSVDB", + "url": "http://osvdb.org/44310" + }, + { + "name": "27587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27587" + }, + { + "name": "gelato-comments-xss(40264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40264" + }, + { + "name": "http://osvdb.org/ref/44/gelato-cms-xss.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/44/gelato-cms-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7143.json b/2008/7xxx/CVE-2008-7143.json index a3c67817d17..e7f56cc5fe7 100644 --- a/2008/7xxx/CVE-2008-7143.json +++ b/2008/7xxx/CVE-2008-7143.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080318 phpBB 2.0.23 Session Hijacking Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489815/100/0/threaded" - }, - { - "name" : "51121", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51121", + "refsource": "OSVDB", + "url": "http://osvdb.org/51121" + }, + { + "name": "20080318 phpBB 2.0.23 Session Hijacking Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489815/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7268.json b/2008/7xxx/CVE-2008-7268.json index 7f7851ede6e..aa81a5a1c71 100644 --- a/2008/7xxx/CVE-2008-7268.json +++ b/2008/7xxx/CVE-2008-7268.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081023 SiteEngine 5.x Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497747/100/0/threaded" - }, - { - "name" : "6823", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6823" - }, - { - "name" : "32404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32404" - }, - { - "name" : "siteengine-misc-information-disclosure(46180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6823", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6823" + }, + { + "name": "siteengine-misc-information-disclosure(46180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46180" + }, + { + "name": "32404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32404" + }, + { + "name": "20081023 SiteEngine 5.x Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497747/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2428.json b/2013/2xxx/CVE-2013-2428.json index 185fea46314..10c7273a91f 100644 --- a/2013/2xxx/CVE-2013-2428.json +++ b/2013/2xxx/CVE-2013-2428.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" - }, - { - "name" : "RHSA-2013:0757", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" - }, - { - "name" : "TA13-107A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" - }, - { - "name" : "oval:org.mitre.oval:def:16416", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16416", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16416" + }, + { + "name": "TA13-107A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A" + }, + { + "name": "RHSA-2013:0757", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2489.json b/2013/2xxx/CVE-2013-2489.json index b87d35909d1..b3f3cdf2f16 100644 --- a/2013/2xxx/CVE-2013-2489.json +++ b/2013/2xxx/CVE-2013-2489.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2489", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2489", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2548.json b/2013/2xxx/CVE-2013-2548.json index b1532e3e6b5..20c5421bd5b 100644 --- a/2013/2xxx/CVE-2013-2548.json +++ b/2013/2xxx/CVE-2013-2548.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6" - }, - { - "name" : "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6" - }, - { - "name" : "MDVSA-2013:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" - }, - { - "name" : "openSUSE-SU-2013:1971", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" - }, - { - "name" : "USN-1793-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1793-1" - }, - { - "name" : "USN-1794-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1794-1" - }, - { - "name" : "USN-1795-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1795-1" - }, - { - "name" : "USN-1796-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1796-1" - }, - { - "name" : "USN-1797-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1797-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1796-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1796-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6" + }, + { + "name": "MDVSA-2013:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + }, + { + "name": "USN-1797-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1797-1" + }, + { + "name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/05/13" + }, + { + "name": "USN-1793-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1793-1" + }, + { + "name": "openSUSE-SU-2013:1971", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" + }, + { + "name": "USN-1794-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1794-1" + }, + { + "name": "USN-1795-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1795-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2766.json b/2013/2xxx/CVE-2013-2766.json index 4b9ec134aae..b8a5087933e 100644 --- a/2013/2xxx/CVE-2013-2766.json +++ b/2013/2xxx/CVE-2013-2766.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.splunk.com/view/SP-CAAAHSQ", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAHSQ" - }, - { - "name" : "59038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59038" - }, - { - "name" : "1028371", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.splunk.com/view/SP-CAAAHSQ", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAHSQ" + }, + { + "name": "1028371", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028371" + }, + { + "name": "59038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59038" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6397.json b/2013/6xxx/CVE-2013-6397.json index a0e0e84eaa9..ff97dbe7dcf 100644 --- a/2013/6xxx/CVE-2013-6397.json +++ b/2013/6xxx/CVE-2013-6397.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131126 Re: CVE request: Apache Solr 4.6.0", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/27/1" - }, - { - "name" : "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", - "refsource" : "MISC", - "url" : "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html" - }, - { - "name" : "http://lucene.apache.org/solr/4_6_0/changes/Changes.html", - "refsource" : "CONFIRM", - "url" : "http://lucene.apache.org/solr/4_6_0/changes/Changes.html" - }, - { - "name" : "https://issues.apache.org/jira/browse/SOLR-4882", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/SOLR-4882" - }, - { - "name" : "RHSA-2013:1844", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1844.html" - }, - { - "name" : "RHSA-2014:0029", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0029.html" - }, - { - "name" : "63935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63935" - }, - { - "name" : "55730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55730" - }, - { - "name" : "59372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63935" + }, + { + "name": "RHSA-2014:0029", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html" + }, + { + "name": "https://issues.apache.org/jira/browse/SOLR-4882", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/SOLR-4882" + }, + { + "name": "[oss-security] 20131126 Re: CVE request: Apache Solr 4.6.0", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/27/1" + }, + { + "name": "55730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55730" + }, + { + "name": "RHSA-2013:1844", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html" + }, + { + "name": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html", + "refsource": "CONFIRM", + "url": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html" + }, + { + "name": "59372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59372" + }, + { + "name": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", + "refsource": "MISC", + "url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6528.json b/2013/6xxx/CVE-2013-6528.json index 13dc225f536..c3776245ca5 100644 --- a/2013/6xxx/CVE-2013-6528.json +++ b/2013/6xxx/CVE-2013-6528.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6528", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6528", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10969.json b/2017/10xxx/CVE-2017-10969.json index 4bc24efcfaf..c42c699cfb0 100644 --- a/2017/10xxx/CVE-2017-10969.json +++ b/2017/10xxx/CVE-2017-10969.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10969", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10969", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11225.json b/2017/11xxx/CVE-2017-11225.json index d80f71f54a0..3f6520e6fa0 100644 --- a/2017/11xxx/CVE-2017-11225.json +++ b/2017/11xxx/CVE-2017-11225.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 27.0.0.183 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 27.0.0.183 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 27.0.0.183 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 27.0.0.183 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html" - }, - { - "name" : "GLSA-201711-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-13" - }, - { - "name" : "RHSA-2017:3222", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3222" - }, - { - "name" : "101837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101837" - }, - { - "name" : "1039778", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html" + }, + { + "name": "RHSA-2017:3222", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3222" + }, + { + "name": "GLSA-201711-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-13" + }, + { + "name": "101837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101837" + }, + { + "name": "1039778", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039778" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11275.json b/2017/11xxx/CVE-2017-11275.json index 748229f04c5..bfd592d947c 100644 --- a/2017/11xxx/CVE-2017-11275.json +++ b/2017/11xxx/CVE-2017-11275.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Digital Editions", - "version" : { - "version_data" : [ - { - "version_value" : "4.5.4 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Digital Editions", + "version": { + "version_data": [ + { + "version_value": "4.5.4 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html" - }, - { - "name" : "100244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100244" - }, - { - "name" : "1039100", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039100", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039100" + }, + { + "name": "100244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100244" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11739.json b/2017/11xxx/CVE-2017-11739.json index 65e423d1eab..ec4f822f64d 100644 --- a/2017/11xxx/CVE-2017-11739.json +++ b/2017/11xxx/CVE-2017-11739.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11739", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11739", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14146.json b/2017/14xxx/CVE-2017-14146.json index 09d2008a5c6..679783a4577 100644 --- a/2017/14xxx/CVE-2017-14146.json +++ b/2017/14xxx/CVE-2017-14146.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\\app\\uploads\\helpdezk\\attachments\\ directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/M4ple/vulnerability/blob/master/helpdezk_file_upload/helpdezk_file_upload.md", - "refsource" : "MISC", - "url" : "https://github.com/M4ple/vulnerability/blob/master/helpdezk_file_upload/helpdezk_file_upload.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\\app\\uploads\\helpdezk\\attachments\\ directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/M4ple/vulnerability/blob/master/helpdezk_file_upload/helpdezk_file_upload.md", + "refsource": "MISC", + "url": "https://github.com/M4ple/vulnerability/blob/master/helpdezk_file_upload/helpdezk_file_upload.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14680.json b/2017/14xxx/CVE-2017-14680.json index 38f7d1fb052..08abbc95d71 100644 --- a/2017/14xxx/CVE-2017-14680.json +++ b/2017/14xxx/CVE-2017-14680.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/bugtraq/2017/Sep/20", - "refsource" : "MISC", - "url" : "http://seclists.org/bugtraq/2017/Sep/20" - }, - { - "name" : "http://seclists.org/fulldisclosure/2017/Sep/39", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Sep/39" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/bugtraq/2017/Sep/20", + "refsource": "MISC", + "url": "http://seclists.org/bugtraq/2017/Sep/20" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Sep/39", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Sep/39" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14800.json b/2017/14xxx/CVE-2017-14800.json index 4a0cf19e280..c0b55c97592 100644 --- a/2017/14xxx/CVE-2017-14800.json +++ b/2017/14xxx/CVE-2017-14800.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2017-11-20T00:00:00.000Z", - "ID" : "CVE-2017-14800", - "STATE" : "PUBLIC", - "TITLE" : "Reflected xss on Access Manager iManager UI" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Access Manager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "4.3", - "version_value" : "4.3.3" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "reflected cross site scripting attack" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-11-20T00:00:00.000Z", + "ID": "CVE-2017-14800", + "STATE": "PUBLIC", + "TITLE": "Reflected xss on Access Manager iManager UI" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "4.3", + "version_value": "4.3.3" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7022356", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7022356" - } - ] - }, - "source" : { - "advisory" : "7022356", - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "reflected cross site scripting attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7022356", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7022356" + } + ] + }, + "source": { + "advisory": "7022356", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14947.json b/2017/14xxx/CVE-2017-14947.json index 987386df10d..2009a0d189c 100644 --- a/2017/14xxx/CVE-2017-14947.json +++ b/2017/14xxx/CVE-2017-14947.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=698551", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=698551", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698551" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15000.json b/2017/15xxx/CVE-2017-15000.json index 206040dac34..c4e2c982782 100644 --- a/2017/15xxx/CVE-2017-15000.json +++ b/2017/15xxx/CVE-2017-15000.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15000", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15000", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15127.json b/2017/15xxx/CVE-2017-15127.json index 3aa0a4fec8d..ae77d9e8b6e 100644 --- a/2017/15xxx/CVE-2017-15127.json +++ b/2017/15xxx/CVE-2017-15127.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-15127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux kernel before 4.13", - "version" : { - "version_data" : [ - { - "version_value" : "Linux kernel before 4.13" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-460" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-15127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux kernel before 4.13", + "version": { + "version_data": [ + { + "version_value": "Linux kernel before 4.13" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995" - }, - { - "name" : "https://access.redhat.com/security/cve/CVE-2017-15127", - "refsource" : "MISC", - "url" : "https://access.redhat.com/security/cve/CVE-2017-15127" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525218", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525218" - }, - { - "name" : "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995" - }, - { - "name" : "RHSA-2018:0676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0676" - }, - { - "name" : "RHSA-2018:1062", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1062" - }, - { - "name" : "102517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-460" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995" + }, + { + "name": "RHSA-2018:1062", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1062" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218" + }, + { + "name": "RHSA-2018:0676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0676" + }, + { + "name": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995" + }, + { + "name": "https://access.redhat.com/security/cve/CVE-2017-15127", + "refsource": "MISC", + "url": "https://access.redhat.com/security/cve/CVE-2017-15127" + }, + { + "name": "102517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102517" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15861.json b/2017/15xxx/CVE-2017-15861.json index d2527c59520..6f7624ac6d4 100644 --- a/2017/15xxx/CVE-2017-15861.json +++ b/2017/15xxx/CVE-2017-15861.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-02-05T00:00:00", - "ID" : "CVE-2017-15861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-02-05T00:00:00", + "ID": "CVE-2017-15861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-02-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-02-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15895.json b/2017/15xxx/CVE-2017-15895.json index 4d098cc2753..b4d65d6a35a 100644 --- a/2017/15xxx/CVE-2017-15895.json +++ b/2017/15xxx/CVE-2017-15895.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-15895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Synology Router Manager (SRM)", - "version" : { - "version_data" : [ - { - "version_value" : "before 1.1.5-6542-4" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-15895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Synology Router Manager (SRM)", + "version": { + "version_data": [ + { + "version_value": "before 1.1.5-6542-4" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_71_SRM", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_71_SRM" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_71_SRM", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_71_SRM" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9241.json b/2017/9xxx/CVE-2017-9241.json index d0be6957547..208550d7b76 100644 --- a/2017/9xxx/CVE-2017-9241.json +++ b/2017/9xxx/CVE-2017-9241.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9241", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9241", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9606.json b/2017/9xxx/CVE-2017-9606.json index c20e59f9902..d63657fe484 100644 --- a/2017/9xxx/CVE-2017-9606.json +++ b/2017/9xxx/CVE-2017-9606.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Houl777/CVE-2017-9606", - "refsource" : "MISC", - "url" : "https://github.com/Houl777/CVE-2017-9606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Houl777/CVE-2017-9606", + "refsource": "MISC", + "url": "https://github.com/Houl777/CVE-2017-9606" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9673.json b/2017/9xxx/CVE-2017-9673.json index 9aebdd7e887..c8a701e3fd2 100644 --- a/2017/9xxx/CVE-2017-9673.json +++ b/2017/9xxx/CVE-2017-9673.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/142944/SimpleCE-2.3.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/142944/SimpleCE-2.3.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/142944/SimpleCE-2.3.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/142944/SimpleCE-2.3.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9989.json b/2017/9xxx/CVE-2017-9989.json index 7bb605d790d..948b0ca428d 100644 --- a/2017/9xxx/CVE-2017-9989.json +++ b/2017/9xxx/CVE-2017-9989.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171118 [SECURITY] [DLA 1176-1] ming security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00022.html" - }, - { - "name" : "https://github.com/libming/libming/issues/86", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/86" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1176-1] ming security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00022.html" + }, + { + "name": "https://github.com/libming/libming/issues/86", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/86" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0184.json b/2018/0xxx/CVE-2018-0184.json index dd0328d9545..a8d9d1df6fd 100644 --- a/2018/0xxx/CVE-2018-0184.json +++ b/2018/0xxx/CVE-2018-0184.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCve74432." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc2", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc2" - }, - { - "name" : "103550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCve74432." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc2", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc2" + }, + { + "name": "103550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103550" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0347.json b/2018/0xxx/CVE-2018-0347.json index 669b2a3ed7d..70e3991529f 100644 --- a/2018/0xxx/CVE-2018-0347.json +++ b/2018/0xxx/CVE-2018-0347.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco SD-WAN Solution unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco SD-WAN Solution unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco SD-WAN Solution unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco SD-WAN Solution unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci" - }, - { - "name" : "104862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104862" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0415.json b/2018/0xxx/CVE-2018-0415.json index 445a13912b0..a85bf2d87bd 100644 --- a/2018/0xxx/CVE-2018-0415.json +++ b/2018/0xxx/CVE-2018-0415.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-08-15T00:00:00", - "ID" : "CVE-2018-0415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Small Business 100 Series Wireless Access Points", - "version" : { - "version_data" : [ - { - "version_value" : "unspecified" - } - ] - } - }, - { - "product_name" : "Small Business 300 Series Wireless Access Points", - "version" : { - "version_data" : [ - { - "version_value" : "unspecified" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-388" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-08-15T00:00:00", + "ID": "CVE-2018-0415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Small Business 100 Series Wireless Access Points", + "version": { + "version_data": [ + { + "version_value": "unspecified" + } + ] + } + }, + { + "product_name": "Small Business 300 Series Wireless Access Points", + "version": { + "version_data": [ + { + "version_value": "unspecified" + } + ] + } + } + ] + }, + "vendor_name": "Cisco Systems, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180815 Cisco Small Business 100 Series and 300 Series Wireless Access Points Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-csb-wap-dos" - }, - { - "name" : "105116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-388" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180815 Cisco Small Business 100 Series and 300 Series Wireless Access Points Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-csb-wap-dos" + }, + { + "name": "105116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105116" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0522.json b/2018/0xxx/CVE-2018-0522.json index 9e07b2bbc89..17f2c7fa363 100644 --- a/2018/0xxx/CVE-2018-0522.json +++ b/2018/0xxx/CVE-2018-0522.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WXR-1900DHP2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware Ver.2.48 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "BUFFALO INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WXR-1900DHP2", + "version": { + "version_data": [ + { + "version_value": "firmware Ver.2.48 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "BUFFALO INC." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://buffalo.jp/support_s/s20180223.html", - "refsource" : "CONFIRM", - "url" : "http://buffalo.jp/support_s/s20180223.html" - }, - { - "name" : "JVN#97144273", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN97144273/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://buffalo.jp/support_s/s20180223.html", + "refsource": "CONFIRM", + "url": "http://buffalo.jp/support_s/s20180223.html" + }, + { + "name": "JVN#97144273", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN97144273/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12792.json b/2018/12xxx/CVE-2018-12792.json index 04460260db6..a935e3ce9b7 100644 --- a/2018/12xxx/CVE-2018-12792.json +++ b/2018/12xxx/CVE-2018-12792.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104701" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + }, + { + "name": "104701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104701" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12885.json b/2018/12xxx/CVE-2018-12885.json index 8967b721dae..3dc24c1da4f 100644 --- a/2018/12xxx/CVE-2018-12885.json +++ b/2018/12xxx/CVE-2018-12885.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://etherscan.io/address/0x689FB61845488297dfE7586E5f7956475955d2Dc", - "refsource" : "MISC", - "url" : "https://etherscan.io/address/0x689FB61845488297dfE7586E5f7956475955d2Dc" - }, - { - "name" : "https://etherscan.io/address/0xa44e464b13280340904ffef0a65b8a0033460430", - "refsource" : "MISC", - "url" : "https://etherscan.io/address/0xa44e464b13280340904ffef0a65b8a0033460430" - }, - { - "name" : "https://medium.com/coinmonks/get-legendary-items-by-breaking-pnrg-of-mycyptochamp-an-ethereum-online-game-cve-2018-12855-6e6beb41b8df", - "refsource" : "MISC", - "url" : "https://medium.com/coinmonks/get-legendary-items-by-breaking-pnrg-of-mycyptochamp-an-ethereum-online-game-cve-2018-12855-6e6beb41b8df" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://etherscan.io/address/0xa44e464b13280340904ffef0a65b8a0033460430", + "refsource": "MISC", + "url": "https://etherscan.io/address/0xa44e464b13280340904ffef0a65b8a0033460430" + }, + { + "name": "https://medium.com/coinmonks/get-legendary-items-by-breaking-pnrg-of-mycyptochamp-an-ethereum-online-game-cve-2018-12855-6e6beb41b8df", + "refsource": "MISC", + "url": "https://medium.com/coinmonks/get-legendary-items-by-breaking-pnrg-of-mycyptochamp-an-ethereum-online-game-cve-2018-12855-6e6beb41b8df" + }, + { + "name": "https://etherscan.io/address/0x689FB61845488297dfE7586E5f7956475955d2Dc", + "refsource": "MISC", + "url": "https://etherscan.io/address/0x689FB61845488297dfE7586E5f7956475955d2Dc" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12975.json b/2018/12xxx/CVE-2018-12975.json index 3cac6d8b57f..c5d839cdb30 100644 --- a/2018/12xxx/CVE-2018-12975.json +++ b/2018/12xxx/CVE-2018-12975.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@jonghyk.song/create-legendary-champs-by-breaking-prng-of-cryptosaga-an-ethereum-rpg-game-cve-2018-12975-8de733ff8255", - "refsource" : "MISC", - "url" : "https://medium.com/@jonghyk.song/create-legendary-champs-by-breaking-prng-of-cryptosaga-an-ethereum-rpg-game-cve-2018-12975-8de733ff8255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@jonghyk.song/create-legendary-champs-by-breaking-prng-of-cryptosaga-an-ethereum-rpg-game-cve-2018-12975-8de733ff8255", + "refsource": "MISC", + "url": "https://medium.com/@jonghyk.song/create-legendary-champs-by-breaking-prng-of-cryptosaga-an-ethereum-rpg-game-cve-2018-12975-8de733ff8255" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16198.json b/2018/16xxx/CVE-2018-16198.json index 41cd5ee0b71..f6ea14f428e 100644 --- a/2018/16xxx/CVE-2018-16198.json +++ b/2018/16xxx/CVE-2018-16198.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A", - "version" : { - "version_data" : [ - { - "version_value" : "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Toshiba Lighting & Technology Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Hidden Functionality" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A", + "version": { + "version_data": [ + { + "version_value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Toshiba Lighting & Technology Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm", - "refsource" : "MISC", - "url" : "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm" - }, - { - "name" : "JVN#99810718", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN99810718/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hidden Functionality" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#99810718", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN99810718/index.html" + }, + { + "name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm", + "refsource": "MISC", + "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16450.json b/2018/16xxx/CVE-2018-16450.json index b713720fd9b..bce049a2f15 100644 --- a/2018/16xxx/CVE-2018-16450.json +++ b/2018/16xxx/CVE-2018-16450.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CraftedWeb through 2013-09-24 has reflected XSS via the p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/FuryKangaroo/8dc2ba91a5d63d6560d0088d0d265137", - "refsource" : "MISC", - "url" : "https://gist.github.com/FuryKangaroo/8dc2ba91a5d63d6560d0088d0d265137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CraftedWeb through 2013-09-24 has reflected XSS via the p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/FuryKangaroo/8dc2ba91a5d63d6560d0088d0d265137", + "refsource": "MISC", + "url": "https://gist.github.com/FuryKangaroo/8dc2ba91a5d63d6560d0088d0d265137" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16735.json b/2018/16xxx/CVE-2018-16735.json index 3b26c6c96ed..81df6911ff3 100644 --- a/2018/16xxx/CVE-2018-16735.json +++ b/2018/16xxx/CVE-2018-16735.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16735", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16735", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16820.json b/2018/16xxx/CVE-2018-16820.json index 6848a622f18..f7f7c7c6997 100644 --- a/2018/16xxx/CVE-2018-16820.json +++ b/2018/16xxx/CVE-2018-16820.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.51cto.com/13770310/2173957", - "refsource" : "MISC", - "url" : "http://blog.51cto.com/13770310/2173957" - }, - { - "name" : "https://github.com/monstra-cms/monstra/issues/457", - "refsource" : "MISC", - "url" : "https://github.com/monstra-cms/monstra/issues/457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.51cto.com/13770310/2173957", + "refsource": "MISC", + "url": "http://blog.51cto.com/13770310/2173957" + }, + { + "name": "https://github.com/monstra-cms/monstra/issues/457", + "refsource": "MISC", + "url": "https://github.com/monstra-cms/monstra/issues/457" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4058.json b/2018/4xxx/CVE-2018-4058.json index aa2c0928d96..625e901ea62 100644 --- a/2018/4xxx/CVE-2018-4058.json +++ b/2018/4xxx/CVE-2018-4058.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4058", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4058", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4118.json b/2018/4xxx/CVE-2018-4118.json index 6d86155471e..7f34ac6cd72 100644 --- a/2018/4xxx/CVE-2018-4118.json +++ b/2018/4xxx/CVE-2018-4118.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208693", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208693" - }, - { - "name" : "https://support.apple.com/HT208694", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208694" - }, - { - "name" : "https://support.apple.com/HT208695", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208695" - }, - { - "name" : "https://support.apple.com/HT208697", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208697" - }, - { - "name" : "https://support.apple.com/HT208698", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208698" - }, - { - "name" : "GLSA-201808-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-04" - }, - { - "name" : "USN-3635-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3635-1/" - }, - { - "name" : "1040604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040604" + }, + { + "name": "https://support.apple.com/HT208698", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208698" + }, + { + "name": "GLSA-201808-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-04" + }, + { + "name": "https://support.apple.com/HT208693", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208693" + }, + { + "name": "https://support.apple.com/HT208694", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208694" + }, + { + "name": "https://support.apple.com/HT208697", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208697" + }, + { + "name": "USN-3635-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3635-1/" + }, + { + "name": "https://support.apple.com/HT208695", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208695" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4245.json b/2018/4xxx/CVE-2018-4245.json index 37d0968aa81..7035ffd0b27 100644 --- a/2018/4xxx/CVE-2018-4245.json +++ b/2018/4xxx/CVE-2018-4245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4245", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4245", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4545.json b/2018/4xxx/CVE-2018-4545.json index a7659f1ae99..14a70ea4063 100644 --- a/2018/4xxx/CVE-2018-4545.json +++ b/2018/4xxx/CVE-2018-4545.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4545", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4545", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6716.json b/2019/6xxx/CVE-2019-6716.json index e95c8a312df..186664c95bb 100644 --- a/2019/6xxx/CVE-2019-6716.json +++ b/2019/6xxx/CVE-2019-6716.json @@ -1,18 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6716", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151373/LongBox-Limited-Access-Manager-Insecure-Direct-Object-Reference.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151373/LongBox-Limited-Access-Manager-Insecure-Direct-Object-Reference.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46254", + "url": "https://www.exploit-db.com/exploits/46254/" + }, + { + "url": "https://www.logonbox.com/en/", + "refsource": "MISC", + "name": "https://www.logonbox.com/en/" + } + ] + } +} \ No newline at end of file