From f699cf3dad2cbf9efb481f1b0ad7ab2fdc458380 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 03:50:43 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2004/1xxx/CVE-2004-1086.json | 160 ++++++++---------
2004/1xxx/CVE-2004-1088.json | 160 ++++++++---------
2004/1xxx/CVE-2004-1171.json | 270 ++++++++++++++---------------
2004/1xxx/CVE-2004-1256.json | 140 +++++++--------
2004/1xxx/CVE-2004-1762.json | 150 ++++++++--------
2004/1xxx/CVE-2004-1789.json | 180 +++++++++----------
2008/2xxx/CVE-2008-2272.json | 170 +++++++++---------
2008/3xxx/CVE-2008-3447.json | 180 +++++++++----------
2008/3xxx/CVE-2008-3624.json | 180 +++++++++----------
2008/3xxx/CVE-2008-3740.json | 200 ++++++++++-----------
2008/3xxx/CVE-2008-3929.json | 210 +++++++++++-----------
2008/4xxx/CVE-2008-4651.json | 140 +++++++--------
2008/4xxx/CVE-2008-4673.json | 170 +++++++++---------
2008/4xxx/CVE-2008-4918.json | 260 +++++++++++++--------------
2008/6xxx/CVE-2008-6451.json | 130 +++++++-------
2008/6xxx/CVE-2008-6657.json | 170 +++++++++---------
2008/6xxx/CVE-2008-6756.json | 130 +++++++-------
2013/2xxx/CVE-2013-2165.json | 200 ++++++++++-----------
2013/2xxx/CVE-2013-2258.json | 34 ++--
2013/2xxx/CVE-2013-2337.json | 130 +++++++-------
2013/2xxx/CVE-2013-2739.json | 34 ++--
2013/6xxx/CVE-2013-6208.json | 130 +++++++-------
2017/10xxx/CVE-2017-10713.json | 34 ++--
2017/11xxx/CVE-2017-11127.json | 120 ++++++-------
2017/11xxx/CVE-2017-11399.json | 140 +++++++--------
2017/14xxx/CVE-2017-14521.json | 130 +++++++-------
2017/14xxx/CVE-2017-14714.json | 120 ++++++-------
2017/15xxx/CVE-2017-15135.json | 152 ++++++++--------
2017/15xxx/CVE-2017-15218.json | 140 +++++++--------
2017/15xxx/CVE-2017-15550.json | 140 +++++++--------
2017/15xxx/CVE-2017-15727.json | 130 +++++++-------
2017/15xxx/CVE-2017-15850.json | 122 ++++++-------
2017/9xxx/CVE-2017-9095.json | 130 +++++++-------
2017/9xxx/CVE-2017-9358.json | 150 ++++++++--------
2017/9xxx/CVE-2017-9510.json | 122 ++++++-------
2017/9xxx/CVE-2017-9761.json | 140 +++++++--------
2018/0xxx/CVE-2018-0094.json | 140 +++++++--------
2018/0xxx/CVE-2018-0208.json | 130 +++++++-------
2018/0xxx/CVE-2018-0396.json | 150 ++++++++--------
2018/1000xxx/CVE-2018-1000013.json | 134 +++++++-------
2018/1000xxx/CVE-2018-1000200.json | 216 +++++++++++------------
2018/1000xxx/CVE-2018-1000808.json | 146 ++++++++--------
2018/12xxx/CVE-2018-12141.json | 34 ++--
2018/12xxx/CVE-2018-12347.json | 34 ++--
2018/12xxx/CVE-2018-12592.json | 130 +++++++-------
2018/16xxx/CVE-2018-16177.json | 130 +++++++-------
2018/16xxx/CVE-2018-16332.json | 120 ++++++-------
2018/16xxx/CVE-2018-16560.json | 34 ++--
2018/16xxx/CVE-2018-16890.json | 190 ++++++++++----------
2018/4xxx/CVE-2018-4142.json | 170 +++++++++---------
2018/4xxx/CVE-2018-4262.json | 170 +++++++++---------
2018/4xxx/CVE-2018-4955.json | 140 +++++++--------
2019/8xxx/CVE-2019-8938.json | 58 ++++++-
53 files changed, 3739 insertions(+), 3685 deletions(-)
diff --git a/2004/1xxx/CVE-2004-1086.json b/2004/1xxx/CVE-2004-1086.json
index 245dbdf4e78..91fdb2c0d4d 100644
--- a/2004/1xxx/CVE-2004-1086.json
+++ b/2004/1xxx/CVE-2004-1086.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-12-02", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html" - }, - { - "name" : "P-049", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-049.shtml" - }, - { - "name" : "11802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11802" - }, - { - "name" : "13362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13362/" - }, - { - "name" : "macos-psnormalizer-bo(18354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer 
overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11802" + }, + { + "name": "13362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13362/" + }, + { + "name": "macos-psnormalizer-bo(18354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18354" + }, + { + "name": "APPLE-SA-2004-12-02", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html" + }, + { + "name": "P-049", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-049.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1088.json b/2004/1xxx/CVE-2004-1088.json index 3920c6d1b04..ae8b462a5c7 100644 --- a/2004/1xxx/CVE-2004-1088.json +++ b/2004/1xxx/CVE-2004-1088.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-12-02", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html" - }, - { - "name" : "P-049", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-049.shtml" - }, - { - "name" : "11802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11802" - }, - { - "name" : "13362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13362/" - }, - { - "name" : "postfix-crammd5-auth-replay(18353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11802" + }, + { + "name": "13362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13362/" + }, + { + "name": "APPLE-SA-2004-12-02", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html" + }, + { + "name": "postfix-crammd5-auth-replay(18353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18353" + }, + { + "name": "P-049", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-049.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1171.json b/2004/1xxx/CVE-2004-1171.json index b5f12adb612..d15ace373fd 100644 --- a/2004/1xxx/CVE-2004-1171.json +++ b/2004/1xxx/CVE-2004-1171.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110178786809694&w=2" - }, - { - "name" : "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html" - }, - { - "name" : "http://www.sec-consult.com/index.php?id=118", - "refsource" : "MISC", - "url" : "http://www.sec-consult.com/index.php?id=118" - }, - { - "name" : "20041209 KDE Security Advisory: 
plain text password exposure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110261063201488&w=2" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20041209-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20041209-1.txt" - }, - { - "name" : "GLSA-200412-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml" - }, - { - "name" : "MDKSA-2004:150", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150" - }, - { - "name" : "VU#305294", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/305294" - }, - { - "name" : "P-051", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-051.shtml" - }, - { - "name" : "11866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11866" - }, - { - "name" : "12248", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12248" - }, - { - "name" : "1012471", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012471" - }, - { - "name" : "13560", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13560" - }, - { - "name" : "13477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13477" - }, - { - "name" : "13486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13486" - }, - { - "name" : "kde-smb-password-plaintext(18267)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable 
permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13486" + }, + { + "name": "VU#305294", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/305294" + }, + { + "name": "11866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11866" + }, + { + "name": "1012471", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012471" + }, + { + "name": "P-051", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml" + }, + { + "name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html" + }, + { + "name": "13560", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13560" + }, + { + "name": "kde-smb-password-plaintext(18267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267" + }, + { + "name": "MDKSA-2004:150", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150" + }, + { + "name": "20041209 KDE Security Advisory: plain text password exposure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2" + }, + { + "name": "12248", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12248" + }, + { + "name": "http://www.sec-consult.com/index.php?id=118", + "refsource": "MISC", + "url": "http://www.sec-consult.com/index.php?id=118" + }, + { + "name": "GLSA-200412-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml" + }, + { + "name": "20041129 Password Disclosure for SMB Shares in 
KDE's Konqueror", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2" + }, + { + "name": "13477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13477" + }, + { + "name": "http://www.kde.org/info/security/advisory-20041209-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20041209-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1256.json b/2004/1xxx/CVE-2004-1256.json index b46fda601ea..0e86557d3e4 100644 --- a/2004/1xxx/CVE-2004-1256.json +++ b/2004/1xxx/CVE-2004-1256.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12.04 allow remote attackers to execute arbitrary code via crafted ABC files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/abc2midi.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/abc2midi.txt" - }, - { - "name" : "abc2midi-eventspecific-bo(18574)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18574" - }, - { - "name" : "abc2midi-eventtext-bo(18573)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12.04 allow remote attackers to execute arbitrary 
code via crafted ABC files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "abc2midi-eventtext-bo(18573)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18573" + }, + { + "name": "abc2midi-eventspecific-bo(18574)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18574" + }, + { + "name": "http://tigger.uic.edu/~jlongs2/holes/abc2midi.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/abc2midi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1762.json b/2004/1xxx/CVE-2004-1762.json index cc8de7f476f..291cb9fdd16 100644 --- a/2004/1xxx/CVE-2004-1762.json +++ b/2004/1xxx/CVE-2004-1762.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-linux-hotfixes.shtml", - "refsource" : "CONFIRM", - "url" : "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-linux-hotfixes.shtml" - }, - { - "name" : "VU#415734", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/415734" - }, - { - "name" : "11089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11089" - }, - { - "name" : "fsecure-antivirus-protection-bypass(15432)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in F-Secure Anti-Virus 
(FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fsecure-antivirus-protection-bypass(15432)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15432" + }, + { + "name": "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-linux-hotfixes.shtml", + "refsource": "CONFIRM", + "url": "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-linux-hotfixes.shtml" + }, + { + "name": "VU#415734", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/415734" + }, + { + "name": "11089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11089" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1789.json b/2004/1xxx/CVE-2004-1789.json index 3c38f298ffb..67ad88b3868 100644 --- a/2004/1xxx/CVE-2004-1789.json +++ b/2004/1xxx/CVE-2004-1789.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040106 ZyXEL10 OF ZyWALL Series Router Cross Site Scripting Vulnerabillity", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/349085" - }, - { - "name" : "9373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9373" - }, - { - "name" : "3443", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3443" - }, - { - "name" : "12793", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12793" - }, - { - "name" : "1008644", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008644" - }, - { - "name" : "10574", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10574" - }, - { - "name" : "zywall-xss(14163)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/14163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zywall-xss(14163)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14163" + }, + { + "name": "1008644", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008644" + }, + { + "name": "9373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9373" + }, + { + "name": "3443", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3443" + }, + { + "name": "10574", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10574" + }, + { + "name": "12793", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12793" + }, + { + "name": "20040106 ZyXEL10 OF ZyWALL Series Router Cross Site Scripting Vulnerabillity", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/349085" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2272.json b/2008/2xxx/CVE-2008-2272.json index 9c0ded1e062..4c14bf479ad 100644 --- a/2008/2xxx/CVE-2008-2272.json +++ b/2008/2xxx/CVE-2008-2272.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080515 Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities (Aruba Advisory ID: AID-051408)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492113/100/0/threaded" - }, - { - "name" : "http://www.arubanetworks.com/support/alerts/aid-051408.asc", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/support/alerts/aid-051408.asc" - }, - { - "name" : "29240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29240" - }, - { - "name" : "1020033", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020033" - }, - { - "name" : "30262", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/30262" - }, - { - "name" : "aruba-webui-xss(42433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.arubanetworks.com/support/alerts/aid-051408.asc", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/support/alerts/aid-051408.asc" + }, + { + "name": "1020033", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020033" + }, + { + "name": "20080515 Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities (Aruba Advisory ID: AID-051408)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492113/100/0/threaded" + }, + { + "name": "aruba-webui-xss(42433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42433" + }, + { + "name": "29240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29240" + }, + { + "name": "30262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30262" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3447.json b/2008/3xxx/CVE-2008-3447.json index c247138c0b5..4c036bff852 100644 --- a/2008/3xxx/CVE-2008-3447.json +++ b/2008/3xxx/CVE-2008-3447.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080731 F-PROT antivirus 6.2.1.4252 infinite loop denial of service via malformed archive", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2008/Jul/0569.html" - }, - { - "name" : "6174", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6174" - }, - { - "name" : "30461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30461" - }, - { - "name" : "ADV-2008-2283", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2283" - }, - { - "name" : "1020612", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020612" - }, - { - "name" : "31313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31313" 
- }, - { - "name" : "fprotantivirus-infiniteloop-dos(44134)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080731 F-PROT antivirus 6.2.1.4252 infinite loop denial of service via malformed archive", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2008/Jul/0569.html" + }, + { + "name": "1020612", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020612" + }, + { + "name": "6174", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6174" + }, + { + "name": "ADV-2008-2283", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2283" + }, + { + "name": "31313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31313" + }, + { + "name": "fprotantivirus-infiniteloop-dos(44134)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44134" + }, + { + "name": "30461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30461" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3624.json b/2008/3xxx/CVE-2008-3624.json index 27df9a9e98d..8a841579106 100644 --- a/2008/3xxx/CVE-2008-3624.json +++ b/2008/3xxx/CVE-2008-3624.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3027", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3027" - }, - { - "name" : "APPLE-SA-2008-09-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html" - }, - { - "name" : "31086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31086" - }, - { - "name" : "oval:org.mitre.oval:def:16124", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16124" - }, - { - "name" : "ADV-2008-2527", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2527" - }, - { - "name" 
: "1020841", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020841" - }, - { - "name" : "31821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31086" + }, + { + "name": "ADV-2008-2527", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2527" + }, + { + "name": "APPLE-SA-2008-09-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html" + }, + { + "name": "1020841", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020841" + }, + { + "name": "oval:org.mitre.oval:def:16124", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16124" + }, + { + "name": "http://support.apple.com/kb/HT3027", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3027" + }, + { + "name": "31821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31821" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3740.json b/2008/3xxx/CVE-2008-3740.json index a9b1de831e9..10d3d1af29e 100644 --- a/2008/3xxx/CVE-2008-3740.json +++ b/2008/3xxx/CVE-2008-3740.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/295053", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/295053" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=459108", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=459108" - }, - { - "name" : "FEDORA-2008-7467", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html" - }, - { - "name" : "FEDORA-2008-7626", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html" - }, - { - "name" : "30689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30689" - }, - { - "name" : "31462", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31462" - }, - { - "name" : "ADV-2008-2392", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2392" - }, - { - "name" : "31825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31825" - }, - { - "name" : "drupal-unspecified-parameter-xss(44445)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=459108", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459108" + }, + { + "name": "30689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30689" + }, + { + "name": "31825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31825" + }, + { + "name": "ADV-2008-2392", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2392" + }, + { + "name": "FEDORA-2008-7626", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html" + }, + { + "name": "http://drupal.org/node/295053", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/295053" + }, + { + "name": "FEDORA-2008-7467", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html" + }, + { + "name": "31462", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/31462" + }, + { + "name": "drupal-unspecified-parameter-xss(44445)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44445" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3929.json b/2008/3xxx/CVE-2008-3929.json index 675c410c27d..c28e0e18e9a 100644 --- a/2008/3xxx/CVE-2008-3929.json +++ b/2008/3xxx/CVE-2008-3929.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496369", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496369" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/ampache", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/ampache" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "http://freshmeat.net/projects/ampache/releases/283935", - "refsource" : 
"CONFIRM", - "url" : "http://freshmeat.net/projects/ampache/releases/283935" - }, - { - "name" : "GLSA-200812-22", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-22.xml" - }, - { - "name" : "30875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30875" - }, - { - "name" : "31657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31657" - }, - { - "name" : "33316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33316" - }, - { - "name" : "ampache-gathermessages-symlink(44739)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200812-22", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-22.xml" + }, + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/ampache", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/ampache" + }, + { + "name": "33316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33316" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "31657", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/31657" + }, + { + "name": "30875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30875" + }, + { + "name": "ampache-gathermessages-symlink(44739)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44739" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496369", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496369" + }, + { + "name": "http://freshmeat.net/projects/ampache/releases/283935", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/ampache/releases/283935" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4651.json b/2008/4xxx/CVE-2008-4651.json index 853f7267777..5ab21d2cd4f 100644 --- a/2008/4xxx/CVE-2008-4651.json +++ b/2008/4xxx/CVE-2008-4651.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitrustgroup.com/advisories/web-application-security-jetbox", - "refsource" : "MISC", - "url" : "http://www.digitrustgroup.com/advisories/web-application-security-jetbox" - }, - { - "name" : "31824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31824" - }, - { - "name" : "jetboxcms-images-nav-sql-injection(45986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 
allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jetboxcms-images-nav-sql-injection(45986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45986" + }, + { + "name": "http://www.digitrustgroup.com/advisories/web-application-security-jetbox", + "refsource": "MISC", + "url": "http://www.digitrustgroup.com/advisories/web-application-security-jetbox" + }, + { + "name": "31824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31824" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4673.json b/2008/4xxx/CVE-2008-4673.json index 2f81b5ccf7e..df44b4cec2c 100644 --- a/2008/4xxx/CVE-2008-4673.json +++ b/2008/4xxx/CVE-2008-4673.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6623", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6623" - }, - { - "name" : "31471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31471" - }, - { - "name" : "ADV-2008-2701", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2701" - }, - { - "name" : "32053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32053" - }, - { - "name" : "4461", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4461" - }, - { - "name" : "eventscalendar-headersetup-file-include(45500)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/45500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2701", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2701" + }, + { + "name": "32053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32053" + }, + { + "name": "eventscalendar-headersetup-file-include(45500)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45500" + }, + { + "name": "31471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31471" + }, + { + "name": "6623", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6623" + }, + { + "name": "4461", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4461" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4918.json b/2008/4xxx/CVE-2008-4918.json index 0558a0afd0e..4127ca6e0ea 100644 --- a/2008/4xxx/CVE-2008-4918.json +++ b/2008/4xxx/CVE-2008-4918.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka \"universal website hijacking.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081031 Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497958/100/0/threaded" - }, - { - "name" : "20081101 Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497989/100/0/threaded" - }, - { - "name" : "20081030 ZDI-08-070: SonicWALL Content-Filtering Universal Script 
Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497948/100/0/threaded" - }, - { - "name" : "20081031 Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497968/100/0/threaded" - }, - { - "name" : "20081104 Re: Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498043/100/0/threaded" - }, - { - "name" : "20081105 Re: Re: Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498073/100/0/threaded" - }, - { - "name" : "http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-070/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-070/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-070", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-070" - }, - { - "name" : "http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf" - }, - { - "name" : "31998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31998" - }, - { - "name" : "ADV-2008-2970", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2970" - }, - { - "name" : "32498", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/32498" - }, - { - "name" : "4556", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4556" - }, - { - "name" : "sonicwall-content-filtering-xss(46232)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka \"universal website hijacking.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081104 Re: Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498043/100/0/threaded" + }, + { + "name": "20081031 Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497958/100/0/threaded" + }, + { + "name": "ADV-2008-2970", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2970" + }, + { + "name": "20081030 ZDI-08-070: SonicWALL Content-Filtering Universal Script Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497948/100/0/threaded" + }, + { + "name": "31998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31998" + }, + { + "name": 
"http://www.zerodayinitiative.com/advisories/ZDI-08-070/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-070/" + }, + { + "name": "32498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32498" + }, + { + "name": "20081031 Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497968/100/0/threaded" + }, + { + "name": "20081105 Re: Re: Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498073/100/0/threaded" + }, + { + "name": "4556", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4556" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-070", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-070" + }, + { + "name": "http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/" + }, + { + "name": "http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf", + "refsource": "CONFIRM", + "url": "http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf" + }, + { + "name": "sonicwall-content-filtering-xss(46232)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46232" + }, + { + "name": "20081101 Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497989/100/0/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/6xxx/CVE-2008-6451.json b/2008/6xxx/CVE-2008-6451.json
index fe46693b08f..498ac85dfa3 100644
--- a/2008/6xxx/CVE-2008-6451.json
+++ b/2008/6xxx/CVE-2008-6451.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6505", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6505" - }, - { - "name" : "31274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31274" + }, + { + "name": "6505", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6505" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6657.json b/2008/6xxx/CVE-2008-6657.json index 40c437c3f87..3bd777adc6e 100644 --- a/2008/6xxx/CVE-2008-6657.json +++ b/2008/6xxx/CVE-2008-6657.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6993", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6993" - }, - { - "name" : "http://www.simplemachines.org/community/index.php?topic=272861.0", - "refsource" : "CONFIRM", - "url" : "http://www.simplemachines.org/community/index.php?topic=272861.0" - }, - { - "name" : "32119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32119" - }, - { - "name" : "50071", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50071" - }, - { - "name" : "32516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32516" - }, - { - "name" : "smf-unspecified-csrf(46343)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32119" + }, + { + "name": "32516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32516" + }, + { + "name": "http://www.simplemachines.org/community/index.php?topic=272861.0", + "refsource": "CONFIRM", + "url": "http://www.simplemachines.org/community/index.php?topic=272861.0" + }, + { + "name": "6993", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6993" + }, + { + "name": "smf-unspecified-csrf(46343)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46343" + }, + { + "name": "50071", + "refsource": "OSVDB", + "url": "http://osvdb.org/50071" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6756.json b/2008/6xxx/CVE-2008-6756.json index 00d5fea70e9..64f668cf720 100644 --- a/2008/6xxx/CVE-2008-6756.json +++ b/2008/6xxx/CVE-2008-6756.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=250715", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=250715" - }, - { - "name" : "zoneminder-etczmconf-info-disclosure(50325)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=250715", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=250715" + }, + { + "name": "zoneminder-etczmconf-info-disclosure(50325)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50325" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2165.json b/2013/2xxx/CVE-2013-2165.json index 63a6a04bbf3..c7d72627895 100644 --- a/2013/2xxx/CVE-2013-2165.json +++ b/2013/2xxx/CVE-2013-2165.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://access.redhat.com/security/cve/CVE-2013-2165", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/cve/CVE-2013-2165" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=973570", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=973570" - }, - { - "name" : "RHSA-2013:1041", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1041.html" - }, - { - "name" : "RHSA-2013:1042", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1042.html" - }, - { - "name" : "RHSA-2013:1043", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1043.html" - }, - { - "name" : "RHSA-2013:1044", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1044.html" - }, - { - "name" : "RHSA-2013:1045", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1045.html" - }, - { - "name" : "JVN#38787103", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN38787103/index.html" - }, - { - "name" : "JVNDB-2013-000072", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 
2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#38787103", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN38787103/index.html" + }, + { + "name": "https://access.redhat.com/security/cve/CVE-2013-2165", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/cve/CVE-2013-2165" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=973570", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973570" + }, + { + "name": "RHSA-2013:1045", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1045.html" + }, + { + "name": "RHSA-2013:1041", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1041.html" + }, + { + "name": "RHSA-2013:1043", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1043.html" + }, + { + "name": "RHSA-2013:1044", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1044.html" + }, + { + "name": "JVNDB-2013-000072", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072" + }, + { + "name": "RHSA-2013:1042", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1042.html" + } + ] + } +} \ No newline at end of file 
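Review bot: The `ASSIGNER` change from `cve@mitre.org` to `secalert@redhat.com` is the only semantic change in this hunk, yet it sits among `"key" : ` spacing rewrites and a reordered `reference_data`, and the commit subject ("-Synchronized-Data.") does not mention it. The CVE-2013-2337 and CVE-2013-6208 hunks do the same with `hp-security-alert@hp.com`. Anyone who attributes records to a CNA by this field gets a provenance change with no traceable reason, so the assigner corrections belong in their own commit or at least in the message. Separately, the description is a deserialization flaw leading to code execution while `problemtype` stays `"n/a"` and `affects` names no vendor or product; filling in something like `"value": "CWE-502"` and the Red Hat JBoss products listed in the description would let scanners match the record.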
diff --git a/2013/2xxx/CVE-2013-2258.json b/2013/2xxx/CVE-2013-2258.json index 3269174b5df..6d01cc491a7 100644 --- a/2013/2xxx/CVE-2013-2258.json +++ b/2013/2xxx/CVE-2013-2258.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2258", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2258", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2337.json b/2013/2xxx/CVE-2013-2337.json index 515c81ce273..0a6f0a1ecb9 100644 --- a/2013/2xxx/CVE-2013-2337.json +++ b/2013/2xxx/CVE-2013-2337.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02884", - "refsource" : "HP", - "url" : "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03784101" - }, - { - "name" : "SSRT101208", - "refsource" : "HP", - "url" : "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03784101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101208", + "refsource": "HP", + "url": "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03784101" + }, + { + "name": "HPSBMU02884", + "refsource": "HP", + "url": "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03784101" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2739.json b/2013/2xxx/CVE-2013-2739.json index 682fd753592..16d4e6b1f9d 100644 --- a/2013/2xxx/CVE-2013-2739.json +++ b/2013/2xxx/CVE-2013-2739.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2739", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2739", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6208.json b/2013/6xxx/CVE-2013-6208.json index 7ba6f520c36..79f259af9ea 100644 --- a/2013/6xxx/CVE-2013-6208.json +++ b/2013/6xxx/CVE-2013-6208.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-6208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02975", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04000397" - }, - { - "name" : "SSRT101366", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04000397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101366", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04000397" + }, + { + "name": "HPSBMU02975", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04000397" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10713.json b/2017/10xxx/CVE-2017-10713.json index 6ca1d501411..d9f603aebcd 100644 --- a/2017/10xxx/CVE-2017-10713.json +++ b/2017/10xxx/CVE-2017-10713.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10713", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10713", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11127.json b/2017/11xxx/CVE-2017-11127.json index 0a0612e646d..0eb202bb87d 100644 --- a/2017/11xxx/CVE-2017-11127.json +++ b/2017/11xxx/CVE-2017-11127.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a \"Content-Type: image/svg+xml\" header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://websecnerd.blogspot.in/2017/07/bolt-cms-3.html", - "refsource" : "MISC", - "url" : "https://websecnerd.blogspot.in/2017/07/bolt-cms-3.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a \"Content-Type: image/svg+xml\" header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://websecnerd.blogspot.in/2017/07/bolt-cms-3.html", + "refsource": "MISC", + "url": "https://websecnerd.blogspot.in/2017/07/bolt-cms-3.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/11xxx/CVE-2017-11399.json b/2017/11xxx/CVE-2017-11399.json index cf363960a7e..354f590e8cb 100644 --- a/2017/11xxx/CVE-2017-11399.json +++ b/2017/11xxx/CVE-2017-11399.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0" - }, - { - "name" : "DSA-3957", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3957" - }, - { - "name" : "100019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the ape_decode_frame function in 
libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100019" + }, + { + "name": "DSA-3957", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3957" + }, + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14521.json b/2017/14xxx/CVE-2017-14521.json index e64470839db..e0247774da1 100644 --- a/2017/14xxx/CVE-2017-14521.json +++ b/2017/14xxx/CVE-2017-14521.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43963", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43963/" - }, - { - "name" : "https://securitywarrior9.blogspot.in/2018/01/vulnerability-in-wonder-cms-leading-to.html", - "refsource" : "MISC", - "url" : "https://securitywarrior9.blogspot.in/2018/01/vulnerability-in-wonder-cms-leading-to.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securitywarrior9.blogspot.in/2018/01/vulnerability-in-wonder-cms-leading-to.html", + "refsource": "MISC", + "url": "https://securitywarrior9.blogspot.in/2018/01/vulnerability-in-wonder-cms-leading-to.html" + }, + { + "name": "43963", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43963/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14714.json b/2017/14xxx/CVE-2017-14714.json index eb97d0937eb..1999f294c1c 100644 --- a/2017/14xxx/CVE-2017-14714.json +++ b/2017/14xxx/CVE-2017-14714.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830", - "refsource" : "MISC", - "url" : "https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830", + "refsource": "MISC", + "url": "https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15135.json b/2017/15xxx/CVE-2017-15135.json index e985224cc3a..b3c9351d7b8 100644 --- a/2017/15xxx/CVE-2017-15135.json +++ b/2017/15xxx/CVE-2017-15135.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-12-13T00:00:00", - "ID" : "CVE-2017-15135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "389-ds-base", - "version" : { - "version_data" : [ - { - "version_value" : "since 1.3.6.1 up to and including 1.4.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-12-13T00:00:00", + "ID": "CVE-2017-15135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "389-ds-base", + "version": { + "version_data": [ + { + "version_value": "since 1.3.6.1 up to and including 1.4.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525628", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525628" - }, - { - "name" : "RHSA-2018:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0414" - }, - { - "name" : "RHSA-2018:0515", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0515" - }, - { - "name" : "102811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102811" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628" + }, + { + "name": "RHSA-2018:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0414" + }, + { + "name": "RHSA-2018:0515", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0515" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15218.json b/2017/15xxx/CVE-2017-15218.json index 6717f35365f..7af26aea010 100644 --- a/2017/15xxx/CVE-2017-15218.json +++ b/2017/15xxx/CVE-2017-15218.json 
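Review bot: The `reference_data` array in this hunk is reordered without any entry being added or removed, and the new order follows no visible key: BID, CONFIRM, REDHAT, REDHAT here, UBUNTU, BID, CONFIRM in the CVE-2017-15218 hunk, and SECTRACK, CONFIRM, BID in the CVE-2017-15550 hunk. Array order is significant in JSON, so anyone diffing records to spot added or dropped references has to check every shuffled entry by hand. The sync should emit references in a stable order, for example sorted by `refsource` and then `name`. The new side of each file also ends with `\ No newline at end of file`; keeping the trailing newline would avoid that extra one-line change in every record.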
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/760", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/760" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - }, - { - "name" : "101233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "101233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101233" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/760", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/760" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15550.json b/2017/15xxx/CVE-2017-15550.json index d6d14b4436e..d91e2216251 100644 --- a/2017/15xxx/CVE-2017-15550.json +++ b/2017/15xxx/CVE-2017-15550.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-15550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path traversal vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-15550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0", + "version": { + "version_data": [ + { + "version_value": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2018/Jan/17", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2018/Jan/17" - }, - { - "name" : "102358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102358" - }, - { - "name" : "1040070", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path traversal vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040070", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040070" + }, + { + "name": "http://seclists.org/fulldisclosure/2018/Jan/17", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2018/Jan/17" + }, + { + "name": "102358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102358" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15727.json b/2017/15xxx/CVE-2017-15727.json index b4374e8a945..5e0d033edac 100644 --- a/2017/15xxx/CVE-2017-15727.json +++ b/2017/15xxx/CVE-2017-15727.json 
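Review bot: The `affects` block on the new side still has `"vendor_name": "n/a"`, while `product_name` packs three EMC product lines and their version ranges into one string and `version_value` repeats that string. Tooling that matches records to an asset inventory by vendor, product and version cannot resolve this entry, so the advisory is only findable through the free-text description. One `product_data` entry per product, each with its own `version_data` values and a real vendor name, would fix that. The same pattern (vendor `n/a`, `version_value` equal to `product_name`) appears in the CVE-2018-0094 and CVE-2018-0208 hunks. Because this sync appears to only reformat, the correction may belong with the assigning CNA rather than in this commit.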
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43063", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43063/" - }, - { - "name" : "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435", - "refsource" : "CONFIRM", - "url" : "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43063", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43063/" + }, + { + "name": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435", + "refsource": "CONFIRM", + "url": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15850.json b/2017/15xxx/CVE-2017-15850.json index 5ae1000165e..a3123a40d69 100644 --- a/2017/15xxx/CVE-2017-15850.json +++ b/2017/15xxx/CVE-2017-15850.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-15850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in Audio" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-15850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in Audio" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9095.json b/2017/9xxx/CVE-2017-9095.json index 5197f317c13..30fe36b61d0 100644 --- a/2017/9xxx/CVE-2017-9095.json +++ b/2017/9xxx/CVE-2017-9095.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43187", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43187/" - }, - { - "name" : "https://thenopsled.com/divinglog.txt", - "refsource" : "MISC", - "url" : "https://thenopsled.com/divinglog.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://thenopsled.com/divinglog.txt", + "refsource": "MISC", + "url": "https://thenopsled.com/divinglog.txt" + }, + { + "name": "43187", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43187/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9358.json b/2017/9xxx/CVE-2017-9358.json index 437bca12279..1e2af7f916b 100644 --- a/2017/9xxx/CVE-2017-9358.json +++ b/2017/9xxx/CVE-2017-9358.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2017-004.txt", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2017-004.txt" - }, - { - "name" : "https://bugs.debian.org/863906", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/863906" - }, - { - "name" : "98573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98573" - }, - { - "name" : "1038531", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038531", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038531" + }, + { + "name": "98573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98573" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt" + }, + { + "name": "https://bugs.debian.org/863906", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/863906" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9510.json b/2017/9xxx/CVE-2017-9510.json index 5e270dde872..45e0f147cd9 100644 --- a/2017/9xxx/CVE-2017-9510.json +++ b/2017/9xxx/CVE-2017-9510.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2017-07-17T00:00:00", - "ID" : "CVE-2017-9510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlassian FishEye", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2017-07-17T00:00:00", + "ID": "CVE-2017-9510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlassian FishEye", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/FE-6890", - "refsource" : "MISC", - "url" : "https://jira.atlassian.com/browse/FE-6890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) 
vulnerability through the start date and end date parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/FE-6890", + "refsource": "MISC", + "url": "https://jira.atlassian.com/browse/FE-6890" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9761.json b/2017/9xxx/CVE-2017-9761.json index d058cfe951d..a1de9a26207 100644 --- a/2017/9xxx/CVE-2017-9761.json +++ b/2017/9xxx/CVE-2017-9761.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c" - }, - { - "name" : "https://github.com/radare/radare2/issues/7727", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/issues/7727" - }, - { - "name" : "99138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial 
of service (heap-based out-of-bounds read and application crash) via a crafted binary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c" + }, + { + "name": "https://github.com/radare/radare2/issues/7727", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/issues/7727" + }, + { + "name": "99138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99138" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0094.json b/2018/0xxx/CVE-2018-0094.json index 34bf48011d7..fe0112d05a7 100644 --- a/2018/0xxx/CVE-2018-0094.json +++ b/2018/0xxx/CVE-2018-0094.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco UCS Central Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco UCS Central Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-693" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco UCS Central Software", + "version": { + "version_data": [ + { + "version_value": "Cisco UCS Central Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs" - }, - { - "name" : "102787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102787" - }, - { - "name" : "1040249", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040249", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040249" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs" + }, + { + "name": "102787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102787" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0208.json b/2018/0xxx/CVE-2018-0208.json index fddb6470719..7abb903b2bc 100644 --- a/2018/0xxx/CVE-2018-0208.json +++ b/2018/0xxx/CVE-2018-0208.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Registered Envelope Service", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Registered Envelope Service" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CSCvg74126." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Registered Envelope Service", + "version": { + "version_data": [ + { + "version_value": "Cisco Registered Envelope Service" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-res", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-res" - }, - { - "name" : "103337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CSCvg74126." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103337" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-res", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-res" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0396.json b/2018/0xxx/CVE-2018-0396.json index d08df6578b8..97639711fae 100644 --- a/2018/0xxx/CVE-2018-0396.json +++ b/2018/0xxx/CVE-2018-0396.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Manager IM And Presence Service unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Communications Manager IM And Presence Service unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve25985." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager IM And Presence Service unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Communications Manager IM And Presence Service unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ucmim-ps-xss", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ucmim-ps-xss" - }, - { - "name" : "104872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104872" - }, - { - "name" : "1041349", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041349" - }, - { - "name" : "1041350", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve25985." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104872" + }, + { + "name": "1041350", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041350" + }, + { + "name": "1041349", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041349" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ucmim-ps-xss", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ucmim-ps-xss" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000013.json b/2018/1000xxx/CVE-2018-1000013.json index aea8c6da628..0254b31de7e 100644 --- a/2018/1000xxx/CVE-2018-1000013.json +++ b/2018/1000xxx/CVE-2018-1000013.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-01-22", - "ID" : "CVE-2018-1000013", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Release Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.9 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Release Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-01-22", + "ID": "CVE-2018-1000013", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-01-22/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-01-22/" - }, - { - "name" : "102834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via 
POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102834" + }, + { + "name": "https://jenkins.io/security/advisory/2018-01-22/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000200.json b/2018/1000xxx/CVE-2018-1000200.json index 5d90db14c8d..1c6f0fc1bdc 100644 --- a/2018/1000xxx/CVE-2018-1000200.json +++ b/2018/1000xxx/CVE-2018-1000200.json 
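Review bot: The new side of CVE-2018-1000013.json overwrites the structured fields with `"n/a"`: `product_name` "Jenkins Release Plugin", `version_value` "2.9 and earlier", `vendor_name` and the `problemtype` value "Cross-Site Request Forgery" are all gone, leaving the affected product and version only in the free-text description. Tooling that matches records on `affects` or `problemtype` will no longer associate this entry with the plugin, so unless the sync is meant to discard the submitted data these lines should keep their values, e.g. `"product_name": "Jenkins Release Plugin",` and `"version_value": "2.9 and earlier"`. The hunks for CVE-2018-1000200.json (Linux Kernel, "4.14, 4.15, and 4.16", "NULL Pointer Dereference") and CVE-2018-1000808.json (pyopenssl, "Before 17.5.0", the CWE-401 text) lose the same fields. All three also change `ASSIGNER` to `cve@mitre.org`; whether that is intended cannot be told from the diff.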
@@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-04-17T12:00:00", - "DATE_REQUESTED" : "2018-04-17T14:00:00", - "ID" : "CVE-2018-1000200", - "REQUESTER" : "rientjes@google.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux Kernel", - "version" : { - "version_data" : [ - { - "version_value" : "4.14, 4.15, and 4.16" - } - ] - } - } - ] - }, - "vendor_name" : "Linux Kernel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "NULL Pointer Dereference" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-04-17T12:00:00", + "DATE_REQUESTED": "2018-04-17T14:00:00", + "ID": "CVE-2018-1000200", + "REQUESTER": "rientjes@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20180417 [patch] mm, oom: fix concurrent munlock and oom reaper unmap", - "refsource" : "MLIST", - "url" : "https://marc.info/?l=linux-kernel&m=152400522806945" - }, - { - "name" : "[linux-kernel] 20180424 [patch v3 for-4.17] mm, oom: fix concurrent munlock and oom reaper unmap", - "refsource" : "MLIST", - "url" : "https://marc.info/?l=linux-kernel&m=152460926619256" - }, - { - "name" : "[oss-security] 20180424 CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2018/q2/67" - }, - { - "name" : "https://access.redhat.com/security/cve/cve-2018-1000200", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/cve/cve-2018-1000200" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a" - }, - { - "name" : "RHSA-2018:2948", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2948" - }, - { - "name" : "USN-3752-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-1/" - }, - { - "name" : 
"USN-3752-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-2/" - }, - { - "name" : "USN-3752-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-3/" - }, - { - "name" : "104397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3752-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-2/" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a" + }, + { + "name": "USN-3752-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-3/" + }, + { + "name": "https://access.redhat.com/security/cve/cve-2018-1000200", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/cve/cve-2018-1000200" + }, + { + "name": "[linux-kernel] 20180424 [patch v3 for-4.17] mm, oom: fix concurrent munlock and oom reaper unmap", + "refsource": "MLIST", + "url": "https://marc.info/?l=linux-kernel&m=152460926619256" 
+ }, + { + "name": "RHSA-2018:2948", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2948" + }, + { + "name": "104397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104397" + }, + { + "name": "[linux-kernel] 20180417 [patch] mm, oom: fix concurrent munlock and oom reaper unmap", + "refsource": "MLIST", + "url": "https://marc.info/?l=linux-kernel&m=152400522806945" + }, + { + "name": "USN-3752-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-1/" + }, + { + "name": "[oss-security] 20180424 CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2018/q2/67" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000808.json b/2018/1000xxx/CVE-2018-1000808.json index f948967a13e..20ff4b19f3d 100644 --- a/2018/1000xxx/CVE-2018-1000808.json +++ b/2018/1000xxx/CVE-2018-1000808.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-10-05T22:22:07.612676", - "DATE_REQUESTED" : "2018-09-20T17:05:57", - "ID" : "CVE-2018-1000808", - "REQUESTER" : "secure@veritas.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pyopenssl", - "version" : { - "version_data" : [ - { - "version_value" : "Before 17.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "Python Cryptographic Authority " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE - 401 : Failure to Release Memory Before Removing Last Reference" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-10-05T22:22:07.612676", + "DATE_REQUESTED": "2018-09-20T17:05:57", + "ID": "CVE-2018-1000808", + "REQUESTER": "secure@veritas.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pyca/pyopenssl/pull/723", - "refsource" : "CONFIRM", - "url" : "https://github.com/pyca/pyopenssl/pull/723" - }, - { - "name" : "RHSA-2019:0085", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0085" - }, - { - "name" : "USN-3813-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3813-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pyca/pyopenssl/pull/723", + "refsource": "CONFIRM", + "url": "https://github.com/pyca/pyopenssl/pull/723" + }, + { + "name": "RHSA-2019:0085", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0085" + }, + { + "name": "USN-3813-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3813-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12141.json b/2018/12xxx/CVE-2018-12141.json index c31c22868d7..2bbc95965e7 100644 --- a/2018/12xxx/CVE-2018-12141.json +++ b/2018/12xxx/CVE-2018-12141.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12141", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12141", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12347.json b/2018/12xxx/CVE-2018-12347.json index 24fda48c87c..f1a5ceade7f 100644 --- a/2018/12xxx/CVE-2018-12347.json 
+++ b/2018/12xxx/CVE-2018-12347.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12347", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12347", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12592.json b/2018/12xxx/CVE-2018-12592.json index 487afd13db3..a47818a9cfe 100644 --- a/2018/12xxx/CVE-2018-12592.json +++ b/2018/12xxx/CVE-2018-12592.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerability-on-polycom-realpresence-web-suite-v-1-0.pdf", - "refsource" : "CONFIRM", - "url" : "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerability-on-polycom-realpresence-web-suite-v-1-0.pdf" - }, - { - "name" : "104524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104524" + }, + { + "name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerability-on-polycom-realpresence-web-suite-v-1-0.pdf", + "refsource": "CONFIRM", + "url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerability-on-polycom-realpresence-web-suite-v-1-0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16177.json b/2018/16xxx/CVE-2018-16177.json index 9c72d7340a5..063f71c6b26 100644 --- a/2018/16xxx/CVE-2018-16177.json +++ b/2018/16xxx/CVE-2018-16177.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The installer of Windows10 Fall Creators Update Modify module for Security Measures tool", - "version" : { - "version_data" : [ - { - "version_value" : "Windows10 Fall Creators Update Modify module for Security Measures tool" - } - ] - } - } - ] - }, - "vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in The installer of Windows10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installer of Windows10 Fall Creators Update Modify module for Security Measures tool", + "version": { + "version_data": [ + { + "version_value": "Windows10 Fall Creators Update Modify module for Security Measures tool" + } + ] + } + } + ] + }, + "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://f-security.jp/v6/support/information/100193.html", - "refsource" : "MISC", - "url" : "https://f-security.jp/v6/support/information/100193.html" - }, - { - "name" : "JVN#15709478", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN15709478/index.html" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in The installer of Windows10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://f-security.jp/v6/support/information/100193.html", + "refsource": "MISC", + "url": "https://f-security.jp/v6/support/information/100193.html" + }, + { + "name": "JVN#15709478", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN15709478/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16332.json b/2018/16xxx/CVE-2018-16332.json index 8904e8f2575..2ddffdba82f 100644 --- a/2018/16xxx/CVE-2018-16332.json +++ b/2018/16xxx/CVE-2018-16332.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/idreamsoft/iCMS/issues/31", - "refsource" : "MISC", - "url" : "https://github.com/idreamsoft/iCMS/issues/31" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/idreamsoft/iCMS/issues/31", + "refsource": "MISC", + "url": "https://github.com/idreamsoft/iCMS/issues/31" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/16xxx/CVE-2018-16560.json b/2018/16xxx/CVE-2018-16560.json index 65022545ec9..60382aea91b 100644 --- a/2018/16xxx/CVE-2018-16560.json +++ b/2018/16xxx/CVE-2018-16560.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16560", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16560", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16890.json b/2018/16xxx/CVE-2018-16890.json index 7fc1a6acd6a..656c636eec4 100644 --- a/2018/16xxx/CVE-2018-16890.json +++ b/2018/16xxx/CVE-2018-16890.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-16890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "curl", - "version" : { - "version_data" : [ - { - "version_value" : "7.64.0" - } - ] - } - } - ] - }, - "vendor_name" : "The curl Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds." 
- } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-16890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "curl", + "version": { + "version_data": [ + { + "version_value": "7.64.0" + } + ] + } + } + ] + }, + "vendor_name": "The curl Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://curl.haxx.se/docs/CVE-2018-16890.html", - "refsource" : "MISC", - "url" : "https://curl.haxx.se/docs/CVE-2018-16890.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190315-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190315-0001/" - }, - { - "name" : "DSA-4386", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4386" - }, - { - "name" : "USN-3882-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3882-1/" - }, - { - "name" : "106947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. 
Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4386", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4386" + }, + { + "name": "106947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106947" + }, + { + "name": "https://curl.haxx.se/docs/CVE-2018-16890.html", + "refsource": "MISC", + "url": "https://curl.haxx.se/docs/CVE-2018-16890.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190315-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190315-0001/" + }, + { + "name": "USN-3882-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3882-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4142.json b/2018/4xxx/CVE-2018-4142.json index d3a59efab5d..d0a0d2be727 100644 --- a/2018/4xxx/CVE-2018-4142.json +++ b/2018/4xxx/CVE-2018-4142.json 
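Review bot: The `vectorString` carried over in the `impact` block of CVE-2018-16890.json, `"5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"`, starts with the base score rather than the `CVSS:3.0/` prefix, so a parser that expects a CVSS v3.0 vector will likely reject it or misread the score. The commit re-indents these lines but keeps the value; I would split it into `"baseScore": 5.4,` and `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",`. `cvss` is also an array nested inside an array around a single object, which looks unintended but may be the shape existing consumers of this record expect.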
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"CoreText\" component. It allows remote attackers to cause a denial of service (application crash) via a crafted string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208692", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208692" - }, - { - "name" : "https://support.apple.com/HT208693", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208693" - }, - { - "name" : "https://support.apple.com/HT208696", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208696" - }, - { - "name" : "https://support.apple.com/HT208698", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208698" - }, - { - "name" : "1040604", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1040604" - }, - { - "name" : "1040608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"CoreText\" component. It allows remote attackers to cause a denial of service (application crash) via a crafted string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208692", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208692" + }, + { + "name": "1040604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040604" + }, + { + "name": "https://support.apple.com/HT208698", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208698" + }, + { + "name": "https://support.apple.com/HT208696", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208696" + }, + { + "name": "https://support.apple.com/HT208693", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208693" + }, + { + "name": "1040608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040608" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4262.json b/2018/4xxx/CVE-2018-4262.json index 48f793804ae..564b0fe4f18 100644 --- a/2018/4xxx/CVE-2018-4262.json +++ b/2018/4xxx/CVE-2018-4262.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208934,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208934," - }, - { - "name" : "https://support.apple.com/HT208938,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208938," - }, - { - "name" : "https://support.apple.com/HT208935", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208935" - }, - { - "name" : "GLSA-201808-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-04" - }, - { - "name" : "USN-3743-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3743-1/" - }, - { - "name" : "1041232", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1041232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208934,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208934," + }, + { + "name": "USN-3743-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3743-1/" + }, + { + "name": "GLSA-201808-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-04" + }, + { + "name": "https://support.apple.com/HT208935", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208935" + }, + { + "name": "https://support.apple.com/HT208938,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208938," + }, + { + "name": "1041232", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041232" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4955.json b/2018/4xxx/CVE-2018-4955.json index c546ae8f0ff..25ef728a1b3 100644 --- a/2018/4xxx/CVE-2018-4955.json +++ b/2018/4xxx/CVE-2018-4955.json 
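Review bot: In the CVE-2018-4262 references, two entries keep a trailing comma inside both `name` and `url` (`https://support.apple.com/HT208934,` and `https://support.apple.com/HT208938,`), carried over unchanged from the old side while the entries were reordered. The comma is not part of the advisory URL form used by the neighbouring `HT208935` entry, so feed consumers that validate or de-duplicate references by URL will see these as distinct or malformed links; it looks like a comma-separated list was pasted as-is. Suggest `"url": "https://support.apple.com/HT208934"` and `"url": "https://support.apple.com/HT208938"` with matching `name` values. The `MISC` tag on these two probably stems from the same paste and may need to be `CONFIRM` like the HT208935 entry, which the assigner should confirm.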
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" - }, - { - "name" : "104175", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/104175" - }, - { - "name" : "1040920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" + }, + { + "name": "1040920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040920" + }, + { + "name": "104175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104175" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8938.json b/2019/8xxx/CVE-2019-8938.json index ce9104a2674..e53330288f5 100644 --- a/2019/8xxx/CVE-2019-8938.json +++ b/2019/8xxx/CVE-2019-8938.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8938", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
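Review bot: The `affects` block added in the first CVE-2019-8938 hunk publishes `product_name`, `version_value` and `vendor_name` as `n/a`, although the description added in the following hunk names both the product and the version. Scanners and inventory tools that match on the structured fields rather than the free text will not associate this record with any installed software. Consider `"product_name": "VertrigoServ"` and `"version_value": "2.17"`. The page does not say whether other versions are affected, so the version entry should be confirmed with the assigner before it is narrowed to a single value.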
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://packetstormsecurity.com/files/151800/VertrigoServ-2.17-Cross-Site-Scripting.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/151800/VertrigoServ-2.17-Cross-Site-Scripting.html"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2019/Feb/47",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2019/Feb/47"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/vertrigo/news/",
+ "url": "https://sourceforge.net/p/vertrigo/news/"
 }
 ]
 }
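Review bot: `problemtype` is added with `"value": "n/a"` even though the description in the same hunk identifies the issue as XSS. Setting it to `"value": "CWE-79"` would let tooling that groups or filters by weakness class pick this record up, the way the CVE-2018-16890 record earlier in this patch carries `CWE-125`. The three reference objects also order their keys differently (`url` first in two, `refsource` first in the third). That is harmless to parsers, but a consistent order keeps later sync diffs smaller.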