From 08f25bf362543f107bc1d1cc5ba33a89a2ec87fa Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:25:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0107.json | 130 +- 2001/0xxx/CVE-2001-0497.json | 140 +-- 2001/0xxx/CVE-2001-0642.json | 130 +- 2008/0xxx/CVE-2008-0038.json | 180 +-- 2008/0xxx/CVE-2008-0248.json | 170 +-- 2008/0xxx/CVE-2008-0625.json | 170 +-- 2008/1xxx/CVE-2008-1124.json | 130 +- 2008/1xxx/CVE-2008-1428.json | 140 +-- 2008/1xxx/CVE-2008-1447.json | 2110 ++++++++++++++++---------------- 2008/5xxx/CVE-2008-5400.json | 190 +-- 2008/5xxx/CVE-2008-5531.json | 150 +-- 2013/0xxx/CVE-2013-0027.json | 140 +-- 2013/0xxx/CVE-2013-0428.json | 410 +++---- 2013/0xxx/CVE-2013-0802.json | 34 +- 2013/0xxx/CVE-2013-0938.json | 120 +- 2013/1xxx/CVE-2013-1740.json | 280 ++--- 2013/1xxx/CVE-2013-1842.json | 190 +-- 2013/3xxx/CVE-2013-3093.json | 34 +- 2013/3xxx/CVE-2013-3306.json | 34 +- 2013/3xxx/CVE-2013-3749.json | 180 +-- 2013/3xxx/CVE-2013-3839.json | 230 ++-- 2013/3xxx/CVE-2013-3896.json | 150 +-- 2013/4xxx/CVE-2013-4200.json | 160 +-- 2013/4xxx/CVE-2013-4428.json | 200 +-- 2013/4xxx/CVE-2013-4755.json | 34 +- 2013/4xxx/CVE-2013-4872.json | 130 +- 2017/10xxx/CVE-2017-10024.json | 142 +-- 2017/12xxx/CVE-2017-12029.json | 34 +- 2017/12xxx/CVE-2017-12098.json | 130 +- 2017/12xxx/CVE-2017-12589.json | 130 +- 2017/12xxx/CVE-2017-12795.json | 34 +- 2017/12xxx/CVE-2017-12806.json | 34 +- 2017/12xxx/CVE-2017-12960.json | 130 +- 2017/13xxx/CVE-2017-13135.json | 130 +- 2017/13xxx/CVE-2017-13438.json | 34 +- 2017/13xxx/CVE-2017-13534.json | 34 +- 2017/13xxx/CVE-2017-13541.json | 34 +- 2017/16xxx/CVE-2017-16730.json | 34 +- 2017/16xxx/CVE-2017-16968.json | 34 +- 2017/17xxx/CVE-2017-17081.json | 150 +-- 2017/17xxx/CVE-2017-17781.json | 34 +- 2017/17xxx/CVE-2017-17997.json | 160 +-- 2018/18xxx/CVE-2018-18050.json | 34 +- 2018/18xxx/CVE-2018-18143.json | 34 +- 2018/18xxx/CVE-2018-18410.json | 34 +- 2018/18xxx/CVE-2018-18432.json | 130 +- 2018/18xxx/CVE-2018-18825.json | 120 +- 2018/19xxx/CVE-2018-19757.json | 120 +- 2018/1xxx/CVE-2018-1283.json | 232 ++-- 2018/1xxx/CVE-2018-1497.json | 34 +- 2018/1xxx/CVE-2018-1518.json | 172 +-- 2018/1xxx/CVE-2018-1786.json | 188 +-- 2018/1xxx/CVE-2018-1836.json | 34 +- 2018/5xxx/CVE-2018-5114.json | 162 +-- 2018/5xxx/CVE-2018-5254.json | 120 +- 2018/5xxx/CVE-2018-5352.json | 34 +- 2018/5xxx/CVE-2018-5623.json | 34 +- 2018/5xxx/CVE-2018-5869.json | 130 +- 58 files changed, 4428 insertions(+), 4428 deletions(-) diff --git a/2001/0xxx/CVE-2001-0107.json b/2001/0xxx/CVE-2001-0107.json index 12f3f1a4d2a..813c7bb40e2 100644 --- a/2001/0xxx/CVE-2001-0107.json +++ b/2001/0xxx/CVE-2001-0107.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010115 Veritas BackupExec (remote DoS)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97958921407182&w=2" - }, - { - "name" : "2204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010115 Veritas BackupExec (remote DoS)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97958921407182&w=2" + }, + { + "name": "2204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2204" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0497.json b/2001/0xxx/CVE-2001-0497.json index 9c545e77d13..a6b4bcefc08 100644 --- a/2001/0xxx/CVE-2001-0497.json +++ b/2001/0xxx/CVE-2001-0497.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010611 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise78.php" - }, - { - "name" : "bind-local-key-exposure(6694)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6694" - }, - { - "name" : "5609", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bind-local-key-exposure(6694)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6694" + }, + { + "name": "5609", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5609" + }, + { + "name": "20010611 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise78.php" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0642.json b/2001/0xxx/CVE-2001-0642.json index 1afac4142c8..94ed2bf5dac 100644 --- a/2001/0xxx/CVE-2001-0642.json +++ b/2001/0xxx/CVE-2001-0642.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010511 [eyeonsecurity.net] Incredimail allows automatic over writing offiles on your hard disk", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0078.html" - }, - { - "name" : "incredimail-dot-overwrite-files(6529)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010511 [eyeonsecurity.net] Incredimail allows automatic over writing offiles on your hard disk", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0078.html" + }, + { + "name": "incredimail-dot-overwrite-files(6529)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6529" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0038.json b/2008/0xxx/CVE-2008-0038.json index 99c74cb685b..4af7a17b279 100644 --- a/2008/0xxx/CVE-2008-0038.json +++ b/2008/0xxx/CVE-2008-0038.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307430", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307430" - }, - { - "name" : "APPLE-SA-2008-02-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html" - }, - { - "name" : "TA08-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-043B.html" - }, - { - "name" : "27736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27736" - }, - { - "name" : "ADV-2008-0495", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0495/references" - }, - { - "name" : "1019360", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019360" - }, - { - "name" : "28891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.info.apple.com/article.html?artnum=307430", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307430" + }, + { + "name": "28891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28891" + }, + { + "name": "ADV-2008-0495", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0495/references" + }, + { + "name": "27736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27736" + }, + { + "name": "TA08-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html" + }, + { + "name": "1019360", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019360" + }, + { + "name": "APPLE-SA-2008-02-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0248.json b/2008/0xxx/CVE-2008-0248.json index cb335ef3956..3da835595d9 100644 --- a/2008/0xxx/CVE-2008-0248.json +++ b/2008/0xxx/CVE-2008-0248.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080111 StreamAudio ChainCast ProxyManager ccpm_0237.dll Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059572.html" - }, - { - "name" : "4894", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4894" - }, - { - "name" : "27247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27247" - }, - { - "name" : "ADV-2008-0133", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0133" - }, - { - "name" : "28461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28461" - }, - { - "name" : "streamaudio-chaincastproxymanager-bo(39622)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "streamaudio-chaincastproxymanager-bo(39622)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39622" + }, + { + "name": "4894", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4894" + }, + { + "name": "20080111 StreamAudio ChainCast ProxyManager ccpm_0237.dll Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059572.html" + }, + { + "name": "ADV-2008-0133", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0133" + }, + { + "name": "28461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28461" + }, + { + "name": "27247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27247" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0625.json b/2008/0xxx/CVE-2008-0625.json index 1a018685353..32628623cee 100644 --- a/2008/0xxx/CVE-2008-0625.json +++ b/2008/0xxx/CVE-2008-0625.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5052", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5052" - }, - { - "name" : "VU#340860", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/340860" - }, - { - "name" : "27578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27578" - }, - { - "name" : "ADV-2008-0396", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0396/references" - }, - { - "name" : "1019298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019298" - }, - { - "name" : "28757", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#340860", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/340860" + }, + { + "name": "27578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27578" + }, + { + "name": "5052", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5052" + }, + { + "name": "28757", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28757" + }, + { + "name": "1019298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019298" + }, + { + "name": "ADV-2008-0396", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0396/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1124.json b/2008/1xxx/CVE-2008-1124.json index ddf17c54537..20dc0cf648f 100644 --- a/2008/1xxx/CVE-2008-1124.json +++ b/2008/1xxx/CVE-2008-1124.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_nocat.php, and (15) recent_list.php in core/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5200", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5200" - }, - { - "name" : "28038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_nocat.php, and (15) recent_list.php in core/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28038" + }, + { + "name": "5200", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5200" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1428.json b/2008/1xxx/CVE-2008-1428.json index 1df322df3e1..e7b975707ac 100644 --- a/2008/1xxx/CVE-2008-1428.json +++ b/2008/1xxx/CVE-2008-1428.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/233492", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/233492" - }, - { - "name" : "ADV-2008-0867", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0867/references" - }, - { - "name" : "ubercart-attribute-xss(41184)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/233492", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/233492" + }, + { + "name": "ADV-2008-0867", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0867/references" + }, + { + "name": "ubercart-attribute-xss(41184)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41184" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1447.json b/2008/1xxx/CVE-2008-1447.json index 108bd1fcd08..4772460784f 100644 --- a/2008/1xxx/CVE-2008-1447.json +++ b/2008/1xxx/CVE-2008-1447.json @@ -1,1057 +1,1057 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka \"DNS Insufficient Socket Entropy Vulnerability\" or \"the Kaminsky bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-1447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495869/100/0/threaded" - }, - { - "name" : "20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495289/100/0/threaded" - }, - { - "name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" - }, - { - "name" : "6122", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6122" - }, - { - "name" : "6123", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6123" - }, - { - "name" : "6130", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6130" - }, - { - "name" : "http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html", - "refsource" : "MISC", - "url" : "http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html" - }, - { - "name" : "http://www.caughq.org/exploits/CAU-EX-2008-0003.txt", - "refsource" : "MISC", - "url" : "http://www.caughq.org/exploits/CAU-EX-2008-0003.txt" - }, - { - "name" : "http://www.doxpara.com/?p=1176", - "refsource" : "MISC", - "url" : "http://www.doxpara.com/?p=1176" - }, - { - "name" : "http://www.doxpara.com/DMK_BO2K8.ppt", - "refsource" : "MISC", - "url" : "http://www.doxpara.com/DMK_BO2K8.ppt" - }, - { - "name" : "http://www.nominum.com/asset_upload_file741_2661.pdf", - "refsource" : "MISC", - "url" : "http://www.nominum.com/asset_upload_file741_2661.pdf" - }, - { - "name" : "http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html", - "refsource" : "MISC", - "url" : "http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html" - }, - { - "name" : "http://www.caughq.org/exploits/CAU-EX-2008-0002.txt", - "refsource" : "MISC", - "url" : "http://www.caughq.org/exploits/CAU-EX-2008-0002.txt" - }, - { - "name" : "http://www.isc.org/index.pl?/sw/bind/bind-security.php", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/index.pl?/sw/bind/bind-security.php" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MIMG-7DWR4J", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MIMG-7DWR4J" - }, - { - "name" : "http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning", - "refsource" : "CONFIRM", - "url" : "http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231" - }, - { - "name" : "http://support.citrix.com/article/CTX117991", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX117991" - }, - { - "name" : "http://www.ipcop.org/index.php?name=News&file=article&sid=40", - "refsource" : "CONFIRM", - "url" : "http://www.ipcop.org/index.php?name=News&file=article&sid=40" - }, - { - "name" : "http://up2date.astaro.com/2008/08/up2date_7202_released.html", - "refsource" : "CONFIRM", - "url" : "http://up2date.astaro.com/2008/08/up2date_7202_released.html" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401" - }, - { - "name" : "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", - "refsource" : "CONFIRM", - "url" : "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/" - }, - { - "name" : "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html", - "refsource" : "CONFIRM", - "url" : "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" - }, - { - "name" : "http://support.apple.com/kb/HT3129", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3129" - }, - { - "name" : "http://www.phys.uu.nl/~rombouts/pdnsd.html", - "refsource" : "CONFIRM", - "url" : "http://www.phys.uu.nl/~rombouts/pdnsd.html" - }, - { - "name" : "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog" - }, - { - "name" : "http://support.apple.com/kb/HT3026", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3026" - }, - { - "name" : "http://support.citrix.com/article/CTX118183", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX118183" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7000912", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7000912" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018" - }, - { - "name" : "IZ26667", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ26667" - }, - { - "name" : "IZ26668", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ26668" - }, - { - "name" : "IZ26669", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ26669" - }, - { - "name" : "IZ26670", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ26670" - }, - { - "name" : "IZ26671", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ26671" - }, - { - "name" : "IZ26672", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ26672" - }, - { - "name" : "APPLE-SA-2008-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html" - }, - { - "name" : "APPLE-SA-2008-09-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2008-09-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html" - }, - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml" - }, - { - "name" : "DSA-1603", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1603" - }, - { - "name" : "DSA-1604", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1604" - }, - { - "name" : "DSA-1605", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1605" - }, - { - "name" : "DSA-1619", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1619" - }, - { - "name" : "DSA-1623", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1623" - }, - { - "name" : "FEDORA-2008-6256", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html" - }, - { - "name" : "FEDORA-2008-6281", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html" - }, - { - "name" : "FreeBSD-SA-08:06", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc" - }, - { - "name" : "GLSA-200807-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200807-08.xml" - }, - { - "name" : "GLSA-200812-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-17.xml" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "HPSBUX02351", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121630706004256&w=2" - }, - { - "name" : "SSRT080058", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121630706004256&w=2" - }, - { - "name" : "HPSBOV02357", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520" - }, - { - "name" : "HPSBTU02358", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121866517322103&w=2" - }, - { - "name" : "HPSBMP02404", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123324863916385&w=2" - }, - { - "name" : "SSRT090014", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123324863916385&w=2" - }, - { - "name" : "HPSBNS02405", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368" - }, - { - "name" : "SSRT071449", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368" - }, - { - "name" : "HPSBOV03226", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879471518471&w=2" - }, - { - "name" : "SSRT101004", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879471518471&w=2" - }, - { - "name" : "MDVSA-2008:139", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:139" - }, - { - "name" : "MS08-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037" - }, - { - "name" : "NetBSD-SA2008-009", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc" - }, - { - "name" : "[4.2] 013: SECURITY FIX: July 23, 2008", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata42.html#013_bind" - }, - { - "name" : "[4.3] 004: SECURITY FIX: July 23, 2008", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata43.html#004_bind" - }, - { - "name" : "RHSA-2008:0533", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0533.html" - }, - { - "name" : "RHSA-2008:0789", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0789.html" - }, - { - "name" : "SSA:2008-205-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680" - }, - { - "name" : "SSA:2008-191", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239" - }, - { - "name" : "239392", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1" - }, - { - "name" : "240048", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1" - }, - { - "name" : "SUSE-SA:2008:033", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html" - }, - { - "name" : "SUSE-SR:2008:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" - }, - { - "name" : "USN-622-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-622-1" - }, - { - "name" : "USN-627-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-627-1" - }, - { - "name" : "TA08-190B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-190B.html" - }, - { - "name" : "TA08-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-190A.html" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "VU#800113", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/800113" - }, - { - "name" : "30131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30131" - }, - { - "name" : "oval:org.mitre.oval:def:5725", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725" - }, - { - "name" : "oval:org.mitre.oval:def:5761", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761" - }, - { - "name" : "oval:org.mitre.oval:def:5917", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917" - }, - { - "name" : "oval:org.mitre.oval:def:9627", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627" - }, - { - "name" : "oval:org.mitre.oval:def:12117", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117" - }, - { - "name" : "ADV-2008-2019", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2019/references" - }, - { - "name" : "ADV-2008-2023", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2023/references" - }, - { - "name" : "ADV-2008-2025", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2025/references" - }, - { - "name" : "ADV-2008-2029", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2029/references" - }, - { - "name" : "ADV-2008-2030", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2030/references" - }, - { - "name" : "ADV-2008-2113", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2113/references" - }, - { - "name" : "ADV-2008-2114", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2114/references" - }, - { - "name" : "ADV-2008-2123", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2123/references" - }, - { - "name" : "ADV-2008-2139", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2139/references" - }, - { - "name" : "ADV-2008-2166", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2166/references" - }, - { - "name" : "ADV-2008-2195", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2195/references" - }, - { - "name" : "ADV-2008-2196", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2196/references" - }, - { - "name" : "ADV-2008-2197", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2197/references" - }, - { - "name" : "ADV-2008-2268", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2268" - }, - { - "name" : "ADV-2008-2291", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2291" - }, - { - "name" : "ADV-2008-2342", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2342" - }, - { - "name" : "ADV-2008-2466", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2466" - }, - { - "name" : "ADV-2008-2467", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2467" - }, - { - "name" : "ADV-2008-2558", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2558" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "ADV-2008-2525", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2525" - }, - { - "name" : "ADV-2008-2582", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2582" - }, - { - "name" : "ADV-2008-2549", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2549" - }, - { - "name" : "ADV-2008-2050", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2050/references" - }, - { - "name" : "ADV-2008-2051", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2051/references" - }, - { - "name" : "ADV-2008-2052", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2052/references" - }, - { - "name" : "ADV-2008-2055", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2055/references" - }, - { - "name" : "ADV-2008-2092", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2092/references" - }, - { - "name" : "ADV-2008-2384", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2384" - }, - { - "name" : "ADV-2008-2482", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2482" - }, - { - "name" : "ADV-2008-2334", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2334" - }, - { - "name" : "ADV-2008-2377", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2377" - }, - { - "name" : "ADV-2008-2383", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2383" - }, - { - "name" : "ADV-2009-0297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0297" - }, - { - "name" : "ADV-2009-0311", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0311" - }, - { - "name" : "1020438", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020438" - }, - { - "name" : "1020440", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020440" - }, - { - "name" : "1020437", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020437" - }, - { - "name" : "1020558", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020558" - }, - { - "name" : "1020560", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020560" - }, - { - "name" : "1020561", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020561" - }, - { - "name" : "1020575", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020575" - }, - { - "name" : "1020576", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020576" - }, - { - "name" : "1020577", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020577" - }, - { - "name" : "1020578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020578" - }, - { - "name" : "1020579", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020579" - }, - { - "name" : "1020802", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020802" - }, - { - "name" : "1020651", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020651" - }, - { - "name" : "1020653", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020653" - }, - { - "name" : "1020448", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020448" - }, - { - "name" : "1020449", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020449" - }, - { - "name" : "1020548", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020548" - }, - { - "name" : "1020702", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020702" - }, - { - "name" : "1020804", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020804" - }, - { - "name" : "31019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31019" - }, - { - "name" : "30925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30925" - }, - { - "name" : "30973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30973" - }, - { - "name" : "30977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30977" - }, - { - "name" : "30979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30979" - }, - { - "name" : "30980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30980" - }, - { - "name" : "30988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30988" - }, - { - "name" : "30989", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30989" - }, - { - "name" : "30998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30998" - }, - { - "name" : "31011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31011" - }, - { - "name" : "31014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31014" - }, - { - "name" : "31031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31031" - }, - { - "name" : "31052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31052" - }, - { - "name" : "31033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31033" - }, - { - "name" : "31094", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31094" - }, - { - "name" : "31072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31072" - }, - { - "name" : "31093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31093" - }, - { - "name" : "31143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31143" - }, - { - "name" : "31137", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31137" - }, - { - "name" : "31151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31151" - }, - { - "name" : "31152", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31152" - }, - { - "name" : "31153", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31153" - }, - { - "name" : "31169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31169" - }, - { - "name" : "31209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31209" - }, - { - "name" : "31212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31212" - }, - { - "name" : "31199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31199" - }, - { - "name" : "31197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31197" - }, - { - "name" : "31213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31213" - }, - { - "name" : "31221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31221" - }, - { - "name" : "31207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31207" - }, - { - "name" : "31236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31236" - }, - { - "name" : "31254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31254" - }, - { - "name" : "31204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31204" - }, - { - "name" : "31326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31326" - }, - { - "name" : "31237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31237" - }, - { - "name" : "31354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31354" - }, - { - "name" : "31451", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31451" - }, - { - "name" : "31588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31588" - }, - { - "name" : "31687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31687" - }, - { - "name" : "31900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31900" - }, - { - "name" : "31882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31882" - }, - { - "name" : "31823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31823" - }, - { - "name" : "31422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31422" - }, - { - "name" : "31012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31012" - }, - { - "name" : "31022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31022" - }, - { - "name" : "31030", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31030" - }, - { - "name" : "31065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31065" - }, - { - "name" : "33178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33178" - }, - { - "name" : "31430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31430" - }, - { - "name" : "31482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31482" - }, - { - "name" : "31495", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31495" - }, - { - "name" : "33714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33714" - }, - { - "name" : "33786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33786" - }, - { - "name" : "ADV-2010-0622", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0622" - }, - { - "name" : "win-dns-client-server-spoofing(43334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43334" - }, - { - "name" : "cisco-multiple-dns-cache-poisoning(43637)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka \"DNS Insufficient Socket Entropy Vulnerability\" or \"the Kaminsky bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020438", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020438" + }, + { + "name": "FEDORA-2008-6256", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html" + }, + { + "name": "SUSE-SR:2008:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" + }, + { + "name": "VU#800113", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/800113" + }, + { + "name": "31137", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31137" + }, + { + "name": "31430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31430" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MIMG-7DWR4J", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MIMG-7DWR4J" + }, + { + "name": "31169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31169" + }, + { + "name": "http://www.phys.uu.nl/~rombouts/pdnsd.html", + "refsource": "CONFIRM", + "url": "http://www.phys.uu.nl/~rombouts/pdnsd.html" + }, + { + "name": "1020702", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020702" + }, + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "ADV-2008-2052", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2052/references" + }, + { + "name": "1020561", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020561" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" + }, + { + "name": "HPSBOV03226", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879471518471&w=2" + }, + { + "name": "1020578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020578" + }, + { + "name": "FreeBSD-SA-08:06", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc" + }, + { + "name": "oval:org.mitre.oval:def:9627", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627" + }, + { + "name": "1020802", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020802" + }, + { + "name": "HPSBMP02404", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123324863916385&w=2" + }, + { + "name": "30131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30131" + }, + { + "name": "[4.2] 013: SECURITY FIX: July 23, 2008", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata42.html#013_bind" + }, + { + "name": "31236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31236" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "1020651", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020651" + }, + { + "name": "1020437", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020437" + }, + { + "name": "31209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31209" + }, + { + "name": "31012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31012" + }, + { + "name": "31151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31151" + }, + { + "name": "ADV-2008-2050", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2050/references" + }, + { + "name": "http://support.citrix.com/article/CTX117991", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX117991" + }, + { + "name": "SSRT101004", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879471518471&w=2" + }, + { + "name": "31237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31237" + }, + { + "name": "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog" + }, + { + "name": "APPLE-SA-2008-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html" + }, + { + "name": "win-dns-client-server-spoofing(43334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43334" + }, + { + "name": "31495", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31495" + }, + { + "name": "6130", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6130" + }, + { + "name": "20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml" + }, + { + "name": "1020579", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020579" + }, + { + "name": "http://www.nominum.com/asset_upload_file741_2661.pdf", + "refsource": "MISC", + "url": "http://www.nominum.com/asset_upload_file741_2661.pdf" + }, + { + "name": "1020653", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020653" + }, + { + "name": "30998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30998" + }, + { + "name": "DSA-1603", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1603" + }, + { + "name": "ADV-2008-2525", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2525" + }, + { + "name": "SUSE-SA:2008:033", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html" + }, + { + "name": "31094", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31094" + }, + { + "name": "IZ26668", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26668" + }, + { + "name": "31687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31687" + }, + { + "name": "ADV-2008-2025", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2025/references" + }, + { + "name": "239392", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "31588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31588" + }, + { + "name": "31019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31019" + }, + { + "name": "ADV-2008-2029", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2029/references" + }, + { + "name": "SSRT080058", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121630706004256&w=2" + }, + { + "name": "6123", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6123" + }, + { + "name": "IZ26671", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26671" + }, + { + "name": "FEDORA-2008-6281", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html" + }, + { + "name": "ADV-2008-2268", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2268" + }, + { + "name": "ADV-2009-0297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0297" + }, + { + "name": "HPSBUX02351", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121630706004256&w=2" + }, + { + "name": "31207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31207" + }, + { + "name": "31031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31031" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "31451", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31451" + }, + { + "name": "ADV-2008-2051", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2051/references" + }, + { + "name": "30977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30977" + }, + { + "name": "RHSA-2008:0789", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0789.html" + }, + { + "name": "ADV-2008-2377", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2377" + }, + { + "name": "HPSBNS02405", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368" + }, + { + "name": "1020558", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020558" + }, + { + "name": "31221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31221" + }, + { + "name": "RHSA-2008:0533", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0533.html" + }, + { + "name": "[4.3] 004: SECURITY FIX: July 23, 2008", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata43.html#004_bind" + }, + { + "name": "1020804", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020804" + }, + { + "name": "31143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31143" + }, + { + "name": "20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495289/100/0/threaded" + }, + { + "name": "ADV-2008-2195", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2195/references" + }, + { + "name": "ADV-2008-2196", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2196/references" + }, + { + "name": "33714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33714" + }, + { + "name": "HPSBTU02358", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121866517322103&w=2" + }, + { + "name": "33786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33786" + }, + { + "name": "1020448", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020448" + }, + { + "name": "31882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31882" + }, + { + "name": "ADV-2008-2384", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2384" + }, + { + "name": "IZ26669", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26669" + }, + { + "name": "http://up2date.astaro.com/2008/08/up2date_7202_released.html", + "refsource": "CONFIRM", + "url": "http://up2date.astaro.com/2008/08/up2date_7202_released.html" + }, + { + "name": "ADV-2008-2123", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2123/references" + }, + { + "name": "http://support.apple.com/kb/HT3026", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3026" + }, + { + "name": "31014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31014" + }, + { + "name": "30979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30979" + }, + { + "name": "1020575", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020575" + }, + { + "name": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", + "refsource": "CONFIRM", + "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/" + }, + { + "name": "ADV-2008-2482", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2482" + }, + { + "name": "IZ26672", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26672" + }, + { + "name": "http://support.apple.com/kb/HT3129", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3129" + }, + { + "name": "DSA-1619", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1619" + }, + { + "name": "ADV-2008-2166", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2166/references" + }, + { + "name": "31072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31072" + }, + { + "name": "ADV-2008-2139", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2139/references" + }, + { + "name": "oval:org.mitre.oval:def:5761", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761" + }, + { + "name": "ADV-2008-2092", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2092/references" + }, + { + "name": "31482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31482" + }, + { + "name": "IZ26670", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26670" + }, + { + "name": "MDVSA-2008:139", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:139" + }, + { + "name": "oval:org.mitre.oval:def:5917", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917" + }, + { + "name": "30989", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30989" + }, + { + "name": "ADV-2008-2055", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2055/references" + }, + { + "name": "SSRT071449", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152" + }, + { + "name": "http://www.ipcop.org/index.php?name=News&file=article&sid=40", + "refsource": "CONFIRM", + "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=40" + }, + { + "name": "31065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31065" + }, + { + "name": "31254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31254" + }, + { + "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded" + }, + { + "name": "http://www.doxpara.com/?p=1176", + "refsource": "MISC", + "url": "http://www.doxpara.com/?p=1176" + }, + { + "name": "NetBSD-SA2008-009", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc" + }, + { + "name": "USN-627-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-627-1" + }, + { + "name": "ADV-2010-0622", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0622" + }, + { + "name": "1020576", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020576" + }, + { + "name": "http://www.isc.org/index.pl?/sw/bind/bind-security.php", + "refsource": "CONFIRM", + "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php" + }, + { + "name": "HPSBOV02357", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520" + }, + { + "name": "31153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31153" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231" + }, + { + "name": "ADV-2008-2549", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2549" + }, + { + "name": "IZ26667", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26667" + }, + { + "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html", + "refsource": "CONFIRM", + "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html" + }, + { + "name": "31213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31213" + }, + { + "name": "31030", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31030" + }, + { + "name": "USN-622-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-622-1" + }, + { + "name": "31033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31033" + }, + { + "name": "http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html", + "refsource": "MISC", + "url": "http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html" + }, + { + "name": "1020440", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020440" + }, + { + "name": "APPLE-SA-2008-09-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html" + }, + { + "name": "http://www.doxpara.com/DMK_BO2K8.ppt", + "refsource": "MISC", + "url": "http://www.doxpara.com/DMK_BO2K8.ppt" + }, + { + "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" + }, + { + "name": "DSA-1604", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1604" + }, + { + "name": "31823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31823" + }, + { + "name": "31326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31326" + }, + { + "name": "ADV-2008-2558", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2558" + }, + { + "name": "6122", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6122" + }, + { + "name": "oval:org.mitre.oval:def:5725", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725" + }, + { + "name": "http://www.caughq.org/exploits/CAU-EX-2008-0003.txt", + "refsource": "MISC", + "url": "http://www.caughq.org/exploits/CAU-EX-2008-0003.txt" + }, + { + "name": "cisco-multiple-dns-cache-poisoning(43637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43637" + }, + { + "name": "ADV-2008-2383", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2383" + }, + { + "name": "1020560", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020560" + }, + { + "name": "31900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31900" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q" + }, + { + "name": "http://support.citrix.com/article/CTX118183", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX118183" + }, + { + "name": "30925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30925" + }, + { + "name": "ADV-2009-0311", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0311" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018" + }, + { + "name": "DSA-1623", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1623" + }, + { + "name": "ADV-2008-2582", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2582" + }, + { + "name": "http://www.caughq.org/exploits/CAU-EX-2008-0002.txt", + "refsource": "MISC", + "url": "http://www.caughq.org/exploits/CAU-EX-2008-0002.txt" + }, + { + "name": "DSA-1605", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1605" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7000912", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7000912" + }, + { + "name": "http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning", + "refsource": "CONFIRM", + "url": "http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning" + }, + { + "name": "ADV-2008-2342", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2342" + }, + { + "name": "ADV-2008-2114", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2114/references" + }, + { + "name": "30973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30973" + }, + { + "name": "31204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31204" + }, + { + "name": "31354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31354" + }, + { + "name": "GLSA-200812-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" + }, + { + "name": "oval:org.mitre.oval:def:12117", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117" + }, + { + "name": "33178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33178" + }, + { + "name": "30988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30988" + }, + { + "name": "APPLE-SA-2008-09-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html" + }, + { + "name": "31011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31011" + }, + { + "name": "http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html", + "refsource": "MISC", + "url": "http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html" + }, + { + "name": "ADV-2008-2334", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2334" + }, + { + "name": "1020577", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020577" + }, + { + "name": "31422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31422" + }, + { + "name": "31197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31197" + }, + { + "name": "1020548", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020548" + }, + { + "name": "ADV-2008-2467", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2467" + }, + { + "name": "240048", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1" + }, + { + "name": "TA08-190B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-190B.html" + }, + { + "name": "TA08-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html" + }, + { + "name": "GLSA-200807-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200807-08.xml" + }, + { + "name": "31022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31022" + }, + { + "name": "SSA:2008-191", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239" + }, + { + "name": "1020449", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020449" + }, + { + "name": "31093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31093" + }, + { + "name": "31052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31052" + }, + { + "name": "30980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30980" + }, + { + "name": "SSA:2008-205-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401" + }, + { + "name": "31199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31199" + }, + { + "name": "ADV-2008-2030", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2030/references" + }, + { + "name": "ADV-2008-2291", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2291" + }, + { + "name": "ADV-2008-2023", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2023/references" + }, + { + "name": "SSRT090014", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123324863916385&w=2" + }, + { + "name": "ADV-2008-2466", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2466" + }, + { + "name": "MS08-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037" + }, + { + "name": "31212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31212" + }, + { + "name": "ADV-2008-2113", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2113/references" + }, + { + "name": "31152", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31152" + }, + { + "name": "ADV-2008-2019", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2019/references" + }, + { + "name": "ADV-2008-2197", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2197/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5400.json b/2008/5xxx/CVE-2008-5400.json index b6193592387..40a916d0dc0 100644 --- a/2008/5xxx/CVE-2008-5400.json +++ b/2008/5xxx/CVE-2008-5400.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081203 [SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498872/100/0/threaded" - }, - { - "name" : "20081203 [SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0061.html" - }, - { - "name" : "http://security.bkis.vn/?p=286", - "refsource" : "MISC", - "url" : "http://security.bkis.vn/?p=286" - }, - { - "name" : "http://www.mvnforum.com/mvnforum/viewthread_thread,4361", - "refsource" : "CONFIRM", - "url" : "http://www.mvnforum.com/mvnforum/viewthread_thread,4361" - }, - { - "name" : "50404", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50404" - }, - { - "name" : "32931", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32931" - }, - { - "name" : "4699", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4699" - }, - { - "name" : "mvnforum-unspecified-csrf(47027)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mvnforum.com/mvnforum/viewthread_thread,4361", + "refsource": "CONFIRM", + "url": "http://www.mvnforum.com/mvnforum/viewthread_thread,4361" + }, + { + "name": "4699", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4699" + }, + { + "name": "32931", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32931" + }, + { + "name": "mvnforum-unspecified-csrf(47027)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47027" + }, + { + "name": "http://security.bkis.vn/?p=286", + "refsource": "MISC", + "url": "http://security.bkis.vn/?p=286" + }, + { + "name": "50404", + "refsource": "OSVDB", + "url": "http://osvdb.org/50404" + }, + { + "name": "20081203 [SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498872/100/0/threaded" + }, + { + "name": "20081203 [SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0061.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5531.json b/2008/5xxx/CVE-2008-5531.json index 08333de26e3..f8a3e21211b 100644 --- a/2008/5xxx/CVE-2008-5531.json +++ b/2008/5xxx/CVE-2008-5531.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded" - }, - { - "name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded" - }, - { - "name" : "4723", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4723" - }, - { - "name" : "multiple-antivirus-mzheader-code-execution(47435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "multiple-antivirus-mzheader-code-execution(47435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" + }, + { + "name": "4723", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4723" + }, + { + "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded" + }, + { + "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0027.json b/2013/0xxx/CVE-2013-0027.json index 0fd1c60c6e2..8bd840d54c6 100644 --- a/2013/0xxx/CVE-2013-0027.json +++ b/2013/0xxx/CVE-2013-0027.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer CPasteCommand Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16360", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer CPasteCommand Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009" + }, + { + "name": "oval:org.mitre.oval:def:16360", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16360" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0428.json b/2013/0xxx/CVE-2013-0428.json index e2ed0082f5f..00421fb0aff 100644 --- a/2013/0xxx/CVE-2013-0428.json +++ b/2013/0xxx/CVE-2013-0428.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"incorrect checks for proxy classes\" in the Reflection API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c9534e095b37", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c9534e095b37" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=907207", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=907207" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02864", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "SSRT101156", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "MDVSA-2013:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" - }, - { - "name" : "RHSA-2013:0236", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" - }, - { - "name" : "RHSA-2013:0237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "RHSA-2013:0245", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0245.html" - }, - { - "name" : "RHSA-2013:0246", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0246.html" - }, - { - "name" : "RHSA-2013:0247", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "openSUSE-SU-2013:0312", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" - }, - { - "name" : "openSUSE-SU-2013:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" - }, - { - "name" : "SUSE-SU-2013:0478", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "57713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57713" - }, - { - "name" : "oval:org.mitre.oval:def:16496", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16496" - }, - { - "name" : "oval:org.mitre.oval:def:19474", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19474" - }, - { - "name" : "oval:org.mitre.oval:def:19480", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19480" - }, - { - "name" : "oval:org.mitre.oval:def:19491", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"incorrect checks for proxy classes\" in the Reflection API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "MDVSA-2013:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" + }, + { + "name": "SSRT101156", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "oval:org.mitre.oval:def:19480", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19480" + }, + { + "name": "RHSA-2013:0236", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html" + }, + { + "name": "oval:org.mitre.oval:def:19491", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19491" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "SUSE-SU-2013:0478", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html" + }, + { + "name": "oval:org.mitre.oval:def:16496", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16496" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "RHSA-2013:0247", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html" + }, + { + "name": "oval:org.mitre.oval:def:19474", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19474" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=907207", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907207" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "57713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57713" + }, + { + "name": "openSUSE-SU-2013:0312", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" + }, + { + "name": "openSUSE-SU-2013:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" + }, + { + "name": "RHSA-2013:0246", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0246.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "HPSBUX02864", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "RHSA-2013:0245", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0245.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c9534e095b37", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c9534e095b37" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0802.json b/2013/0xxx/CVE-2013-0802.json index 79c6d39bad8..0536da13102 100644 --- a/2013/0xxx/CVE-2013-0802.json +++ b/2013/0xxx/CVE-2013-0802.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0802", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0802", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0938.json b/2013/0xxx/CVE-2013-0938.json index 74f7e11702b..3381e709877 100644 --- a/2013/0xxx/CVE-2013-0938.json +++ b/2013/0xxx/CVE-2013-0938.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-0938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1740.json b/2013/1xxx/CVE-2013-1740.json index b9986a14285..14f1a600fcb 100644 --- a/2013/1xxx/CVE-2013-1740.json +++ b/2013/1xxx/CVE-2013-1740.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=498172", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=498172" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=919877", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=919877" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1053725", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1053725" - }, - { - "name" : "https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes", - "refsource" : "CONFIRM", - "url" : "https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "openSUSE-SU-2014:0212", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" - }, - { - "name" : "openSUSE-SU-2014:0213", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" - }, - { - "name" : "USN-2088-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2088-1" - }, - { - "name" : "64944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64944" - }, - { - "name" : "mozilla-nss-cve20131740-info-disc(90394)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "openSUSE-SU-2014:0212", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes", + "refsource": "CONFIRM", + "url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "64944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64944" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "mozilla-nss-cve20131740-info-disc(90394)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90394" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1053725", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053725" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "USN-2088-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2088-1" + }, + { + "name": "openSUSE-SU-2014:0213", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=919877", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=919877" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=498172", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=498172" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1842.json b/2013/1xxx/CVE-2013-1842.json index dca7dcc05e2..4d840e3817c 100644 --- a/2013/1xxx/CVE-2013-1842.json +++ b/2013/1xxx/CVE-2013-1842.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to \"the Query Object Model and relation values.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/12/3" - }, - { - "name" : "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/" - }, - { - "name" : "DSA-2646", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2646" - }, - { - "name" : "openSUSE-SU-2013:0510", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html" - }, - { - "name" : "58330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58330" - }, - { - "name" : "90925", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90925" - }, - { - "name" : "52433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52433" - }, - { - "name" : "52638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to \"the Query Object Model and relation values.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/12/3" + }, + { + "name": "DSA-2646", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2646" + }, + { + "name": "90925", + "refsource": "OSVDB", + "url": "http://osvdb.org/90925" + }, + { + "name": "openSUSE-SU-2013:0510", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html" + }, + { + "name": "52638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52638" + }, + { + "name": "58330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58330" + }, + { + "name": "52433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52433" + }, + { + "name": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/", + "refsource": "CONFIRM", + "url": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3093.json b/2013/3xxx/CVE-2013-3093.json index 36b252d6a50..190183ca4fe 100644 --- a/2013/3xxx/CVE-2013-3093.json +++ b/2013/3xxx/CVE-2013-3093.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3093", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3093", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3306.json b/2013/3xxx/CVE-2013-3306.json index a2c368222f2..34d11ffa15e 100644 --- a/2013/3xxx/CVE-2013-3306.json +++ b/2013/3xxx/CVE-2013-3306.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3306", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3306", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3749.json b/2013/3xxx/CVE-2013-3749.json index 09d99eb5807..c7282ddeede 100644 --- a/2013/3xxx/CVE-2013-3749.json +++ b/2013/3xxx/CVE-2013-3749.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Logging. NOTE: the previous information is from the July 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to storage of credentials in the (1) FND_LOG_MESSAGES database table or (2) log files by \"native login pages.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "VU#826463", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/826463" - }, - { - "name" : "61268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61268" - }, - { - "name" : "95286", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95286" - }, - { - "name" : "1028799", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028799" - }, - { - "name" : "54222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54222" - }, - { - "name" : "oracle-cpujuly2013-cve20133749(85673)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Logging. NOTE: the previous information is from the July 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to storage of credentials in the (1) FND_LOG_MESSAGES database table or (2) log files by \"native login pages.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95286", + "refsource": "OSVDB", + "url": "http://osvdb.org/95286" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "1028799", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028799" + }, + { + "name": "oracle-cpujuly2013-cve20133749(85673)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85673" + }, + { + "name": "54222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54222" + }, + { + "name": "61268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61268" + }, + { + "name": "VU#826463", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/826463" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3839.json b/2013/3xxx/CVE-2013-3839.json index 91a3d8eb371..d1b046915db 100644 --- a/2013/3xxx/CVE-2013-3839.json +++ b/2013/3xxx/CVE-2013-3839.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "DSA-2780", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2780" - }, - { - "name" : "DSA-2818", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2818" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "MDVSA-2013:250", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:250" - }, - { - "name" : "RHSA-2014:0173", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0173.html" - }, - { - "name" : "RHSA-2014:0186", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0186.html" - }, - { - "name" : "RHSA-2014:0189", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0189.html" - }, - { - "name" : "USN-2006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2006-1" - }, - { - "name" : "63109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63109" - }, - { - "name" : "1029184", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029184" - }, - { - "name" : "55291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2780", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2780" + }, + { + "name": "DSA-2818", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2818" + }, + { + "name": "RHSA-2014:0186", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0186.html" + }, + { + "name": "MDVSA-2013:250", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:250" + }, + { + "name": "55291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55291" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "USN-2006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2006-1" + }, + { + "name": "RHSA-2014:0173", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0173.html" + }, + { + "name": "RHSA-2014:0189", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0189.html" + }, + { + "name": "1029184", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029184" + }, + { + "name": "63109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63109" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3896.json b/2013/3xxx/CVE-2013-3896.json index 754f7a1e3a9..a278ccdb5eb 100644 --- a/2013/3xxx/CVE-2013-3896.json +++ b/2013/3xxx/CVE-2013-3896.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka \"Silverlight Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-087", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-087" - }, - { - "name" : "TA13-288A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-288A" - }, - { - "name" : "oval:org.mitre.oval:def:19003", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19003" - }, - { - "name" : "oval:org.mitre.oval:def:19055", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka \"Silverlight Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-087", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-087" + }, + { + "name": "oval:org.mitre.oval:def:19003", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19003" + }, + { + "name": "TA13-288A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-288A" + }, + { + "name": "oval:org.mitre.oval:def:19055", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19055" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4200.json b/2013/4xxx/CVE-2013-4200.json index 19c1acf5ac0..46474d9792e 100644 --- a/2013/4xxx/CVE-2013-4200.json +++ b/2013/4xxx/CVE-2013-4200.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the \"next\" parameter to acl_users/credentials_cookie_auth/require_login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140116 CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/530787/100/0/threaded" - }, - { - "name" : "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/08/01/2" - }, - { - "name" : "http://plone.org/products/plone-hotfix/releases/20130618", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone-hotfix/releases/20130618" - }, - { - "name" : "http://plone.org/products/plone/security/advisories/20130618-announcement", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone/security/advisories/20130618-announcement" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the \"next\" parameter to acl_users/credentials_cookie_auth/require_login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/08/01/2" + }, + { + "name": "http://plone.org/products/plone/security/advisories/20130618-announcement", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" + }, + { + "name": "http://plone.org/products/plone-hotfix/releases/20130618", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone-hotfix/releases/20130618" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200" + }, + { + "name": "20140116 CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/530787/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4428.json b/2013/4xxx/CVE-2013-4428.json index cefacd40417..b4bab64b1f2 100644 --- a/2013/4xxx/CVE-2013-4428.json +++ b/2013/4xxx/CVE-2013-4428.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131015 CVE request for a vulnerability in OpenStack Glance", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/15/8" - }, - { - "name" : "[oss-security] 20131015 Re: CVE request for a vulnerability in OpenStack Glance", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/16/9" - }, - { - "name" : "https://bugs.launchpad.net/glance/+bug/1235226", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/glance/+bug/1235226" - }, - { - "name" : "https://bugs.launchpad.net/glance/+bug/1235378", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/glance/+bug/1235378" - }, - { - "name" : "https://launchpad.net/glance/+milestone/2013.1.4", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/glance/+milestone/2013.1.4" - }, - { - "name" : "https://launchpad.net/glance/+milestone/2013.2", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/glance/+milestone/2013.2" - }, - { - "name" : "RHSA-2013:1525", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1525.html" - }, - { - "name" : "USN-2003-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2003-1" - }, - { - "name" : "63159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1525", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1525.html" + }, + { + "name": "USN-2003-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2003-1" + }, + { + "name": "https://launchpad.net/glance/+milestone/2013.1.4", + "refsource": "CONFIRM", + "url": "https://launchpad.net/glance/+milestone/2013.1.4" + }, + { + "name": "https://bugs.launchpad.net/glance/+bug/1235378", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/glance/+bug/1235378" + }, + { + "name": "[oss-security] 20131015 CVE request for a vulnerability in OpenStack Glance", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/15/8" + }, + { + "name": "63159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63159" + }, + { + "name": "[oss-security] 20131015 Re: CVE request for a vulnerability in OpenStack Glance", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/16/9" + }, + { + "name": "https://bugs.launchpad.net/glance/+bug/1235226", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/glance/+bug/1235226" + }, + { + "name": "https://launchpad.net/glance/+milestone/2013.2", + "refsource": "CONFIRM", + "url": "https://launchpad.net/glance/+milestone/2013.2" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4755.json b/2013/4xxx/CVE-2013-4755.json index b7a5e6948fc..ff0d603d1cc 100644 --- a/2013/4xxx/CVE-2013-4755.json +++ b/2013/4xxx/CVE-2013-4755.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4755", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4755", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4872.json b/2013/4xxx/CVE-2013-4872.json index 7ded92f05cd..39b7b7b72eb 100644 --- a/2013/4xxx/CVE-2013-4872.json +++ b/2013/4xxx/CVE-2013-4872.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/", - "refsource" : "MISC", - "url" : "https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/" - }, - { - "name" : "google-glass-cve20134872-security-bypass(85804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/", + "refsource": "MISC", + "url": "https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/" + }, + { + "name": "google-glass-cve20134872-security-bypass(85804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85804" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10024.json b/2017/10xxx/CVE-2017-10024.json index 8da9b79c0d4..b73c4a47b26 100644 --- a/2017/10xxx/CVE-2017-10024.json +++ b/2017/10xxx/CVE-2017-10024.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BI Publisher (formerly XML Publisher)", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BI Publisher (formerly XML Publisher)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99723" - }, - { - "name" : "1038940", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99723" + }, + { + "name": "1038940", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038940" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12029.json b/2017/12xxx/CVE-2017-12029.json index 90ec5a3cbec..9f73839bc6d 100644 --- a/2017/12xxx/CVE-2017-12029.json +++ b/2017/12xxx/CVE-2017-12029.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12029", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12029", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12098.json b/2017/12xxx/CVE-2017-12098.json index 405c69ca64e..f7807e633bb 100644 --- a/2017/12xxx/CVE-2017-12098.json +++ b/2017/12xxx/CVE-2017-12098.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-12098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-12098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450" - }, - { - "name" : "102486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450" + }, + { + "name": "102486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102486" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12589.json b/2017/12xxx/CVE-2017-12589.json index 363f82aee0b..5feef5406dc 100644 --- a/2017/12xxx/CVE-2017-12589.json +++ b/2017/12xxx/CVE-2017-12589.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://iscouncil.blogspot.com/2017/08/cross-site-request-forgery_11.html", - "refsource" : "MISC", - "url" : "https://iscouncil.blogspot.com/2017/08/cross-site-request-forgery_11.html" - }, - { - "name" : "100438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://iscouncil.blogspot.com/2017/08/cross-site-request-forgery_11.html", + "refsource": "MISC", + "url": "https://iscouncil.blogspot.com/2017/08/cross-site-request-forgery_11.html" + }, + { + "name": "100438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100438" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12795.json b/2017/12xxx/CVE-2017-12795.json index 3b8729fdca2..aed3d8f6099 100644 --- a/2017/12xxx/CVE-2017-12795.json +++ b/2017/12xxx/CVE-2017-12795.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12795", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12795", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12806.json b/2017/12xxx/CVE-2017-12806.json index 86532727dc7..f655688972d 100644 --- a/2017/12xxx/CVE-2017-12806.json +++ b/2017/12xxx/CVE-2017-12806.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12806", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12806", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12960.json b/2017/12xxx/CVE-2017-12960.json index e6c73581bf9..a2642501e9d 100644 --- a/2017/12xxx/CVE-2017-12960.json +++ b/2017/12xxx/CVE-2017-12960.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482433", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482433" - }, - { - "name" : "https://savannah.gnu.org/forum/forum.php?forum_id=8936", - "refsource" : "CONFIRM", - "url" : "https://savannah.gnu.org/forum/forum.php?forum_id=8936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://savannah.gnu.org/forum/forum.php?forum_id=8936", + "refsource": "CONFIRM", + "url": "https://savannah.gnu.org/forum/forum.php?forum_id=8936" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1482433", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482433" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13135.json b/2017/13xxx/CVE-2017-13135.json index de47e763de6..9811f9f97d7 100644 --- a/2017/13xxx/CVE-2017-13135.json +++ b/2017/13xxx/CVE-2017-13135.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ebel34/bpg-web-encoder/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/ebel34/bpg-web-encoder/issues/1" - }, - { - "name" : "101929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101929" + }, + { + "name": "https://github.com/ebel34/bpg-web-encoder/issues/1", + "refsource": "MISC", + "url": "https://github.com/ebel34/bpg-web-encoder/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13438.json b/2017/13xxx/CVE-2017-13438.json index 0c116d4312f..a1545fe9824 100644 --- a/2017/13xxx/CVE-2017-13438.json +++ b/2017/13xxx/CVE-2017-13438.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13438", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13438", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13534.json b/2017/13xxx/CVE-2017-13534.json index 9ada2a3e3f8..f945d2c229b 100644 --- a/2017/13xxx/CVE-2017-13534.json +++ b/2017/13xxx/CVE-2017-13534.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13534", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13534", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13541.json b/2017/13xxx/CVE-2017-13541.json index e05c26c3e71..95bfb04f121 100644 --- a/2017/13xxx/CVE-2017-13541.json +++ b/2017/13xxx/CVE-2017-13541.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13541", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13541", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16730.json b/2017/16xxx/CVE-2017-16730.json index 70144ea178d..d1556618f6d 100644 --- a/2017/16xxx/CVE-2017-16730.json +++ b/2017/16xxx/CVE-2017-16730.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16730", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16730", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16968.json b/2017/16xxx/CVE-2017-16968.json index 48b6b78c02e..b8252d76fa3 100644 --- a/2017/16xxx/CVE-2017-16968.json +++ b/2017/16xxx/CVE-2017-16968.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16968", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16968", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17081.json b/2017/17xxx/CVE-2017-17081.json index 5b4bde7790b..c685df56aa3 100644 --- a/2017/17xxx/CVE-2017-17081.json +++ b/2017/17xxx/CVE-2017-17081.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8", - "refsource" : "MISC", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8" - }, - { - "name" : "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html", - "refsource" : "MISC", - "url" : "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html" - }, - { - "name" : "DSA-4099", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html", + "refsource": "MISC", + "url": "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html" + }, + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1" + }, + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8", + "refsource": "MISC", + "url": "https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8" + }, + { + "name": "DSA-4099", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4099" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17781.json b/2017/17xxx/CVE-2017-17781.json index 2948f749b91..2ac99386f7a 100644 --- a/2017/17xxx/CVE-2017-17781.json +++ b/2017/17xxx/CVE-2017-17781.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17781", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17781", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17997.json b/2017/17xxx/CVE-2017-17997.json index 03a0103dd55..b64a782ac8d 100644 --- a/2017/17xxx/CVE-2017-17997.json +++ b/2017/17xxx/CVE-2017-17997.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299" - }, - { - "name" : "https://code.wireshark.org/review/#/c/25063/", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/#/c/25063/" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=80a695869c9aef2fb473d9361da068022be7cb50", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=80a695869c9aef2fb473d9361da068022be7cb50" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-02.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-02.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/#/c/25063/", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/#/c/25063/" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=80a695869c9aef2fb473d9361da068022be7cb50", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=80a695869c9aef2fb473d9361da068022be7cb50" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-02.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-02.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299" + }, + { + "name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18050.json b/2018/18xxx/CVE-2018-18050.json index c5f9ed43c00..d48d0ab4fdc 100644 --- a/2018/18xxx/CVE-2018-18050.json +++ b/2018/18xxx/CVE-2018-18050.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18050", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18050", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18143.json b/2018/18xxx/CVE-2018-18143.json index b2099606193..428644ac008 100644 --- a/2018/18xxx/CVE-2018-18143.json +++ b/2018/18xxx/CVE-2018-18143.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18143", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18143", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18410.json b/2018/18xxx/CVE-2018-18410.json index 4e232e759ba..1b93188fc34 100644 --- a/2018/18xxx/CVE-2018-18410.json +++ b/2018/18xxx/CVE-2018-18410.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18410", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18410", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18432.json b/2018/18xxx/CVE-2018-18432.json index a78c9d4381f..6586401f1cd 100644 --- a/2018/18xxx/CVE-2018-18432.json +++ b/2018/18xxx/CVE-2018-18432.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/DESTOON/blob/master/CSRF.md", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/DESTOON/blob/master/CSRF.md" - }, - { - "name" : "https://www.patec.cn/newsshow.php?cid=24&id=134", - "refsource" : "MISC", - "url" : "https://www.patec.cn/newsshow.php?cid=24&id=134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/DESTOON/blob/master/CSRF.md", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/DESTOON/blob/master/CSRF.md" + }, + { + "name": "https://www.patec.cn/newsshow.php?cid=24&id=134", + "refsource": "MISC", + "url": "https://www.patec.cn/newsshow.php?cid=24&id=134" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18825.json b/2018/18xxx/CVE-2018-18825.json index 166d0902dfc..5d1fca60dce 100644 --- a/2018/18xxx/CVE-2018-18825.json +++ b/2018/18xxx/CVE-2018-18825.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/misterrou/rourou/blob/master/bt.docx", - "refsource" : "MISC", - "url" : "https://github.com/misterrou/rourou/blob/master/bt.docx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/misterrou/rourou/blob/master/bt.docx", + "refsource": "MISC", + "url": "https://github.com/misterrou/rourou/blob/master/bt.docx" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19757.json b/2018/19xxx/CVE-2018-19757.json index 6f21d20f32a..b75d893c96f 100644 --- a/2018/19xxx/CVE-2018-19757.json +++ b/2018/19xxx/CVE-2018-19757.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649197", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1649197", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649197" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1283.json b/2018/1xxx/CVE-2018-1283.json index d6e13160ea8..6b28f4ca692 100644 --- a/2018/1xxx/CVE-2018-1283.json +++ b/2018/1xxx/CVE-2018-1283.json @@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-03-23T00:00:00", - "ID" : "CVE-2018-1283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache HTTP Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.4.0 to 2.4.29" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Tampering of mod_session data for CGI applications." - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-03-23T00:00:00", + "ID": "CVE-2018-1283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "2.4.0 to 2.4.29" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180323 CVE-2018-1283: Tampering of mod_session data for CGI applications", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/03/24/4" - }, - { - "name" : "https://httpd.apache.org/security/vulnerabilities_24.html", - "refsource" : "CONFIRM", - "url" : "https://httpd.apache.org/security/vulnerabilities_24.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180601-0004/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180601-0004/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" - }, - { - "name" : "DSA-4164", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4164" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3558" - }, - { - "name" : "RHSA-2019:0366", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0366" - }, - { - "name" : "RHSA-2019:0367", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0367" - }, - { - "name" : "USN-3627-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3627-1/" - }, - { - "name" : "USN-3627-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3627-2/" - }, - { - "name" : "103520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103520" - }, - { - "name" : "1040568", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Tampering of mod_session data for CGI applications." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3627-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3627-1/" + }, + { + "name": "DSA-4164", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4164" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180601-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180601-0004/" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" + }, + { + "name": "RHSA-2019:0367", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0367" + }, + { + "name": "1040568", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040568" + }, + { + "name": "USN-3627-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3627-2/" + }, + { + "name": "103520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103520" + }, + { + "name": "[oss-security] 20180323 CVE-2018-1283: Tampering of mod_session data for CGI applications", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/03/24/4" + }, + { + "name": "https://httpd.apache.org/security/vulnerabilities_24.html", + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + }, + { + "name": "RHSA-2019:0366", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0366" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1497.json b/2018/1xxx/CVE-2018-1497.json index 123a8840bc2..6d77c8d55ae 100644 --- a/2018/1xxx/CVE-2018-1497.json +++ b/2018/1xxx/CVE-2018-1497.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1497", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1497", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1518.json b/2018/1xxx/CVE-2018-1518.json index d77da5fbb93..3dcb22aa8c4 100644 --- a/2018/1xxx/CVE-2018-1518.json +++ b/2018/1xxx/CVE-2018-1518.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-16T00:00:00", - "ID" : "CVE-2018-1518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Information Server", - "version" : { - "version_data" : [ - { - "version_value" : "11.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "L", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "6.200", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-16T00:00:00", + "ID": "CVE-2018-1518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22017446", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22017446" - }, - { - "name" : "ibm-infosphere-cve20181518-info-disc(141682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "L", + "C": "H", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "6.200", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22017446", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22017446" + }, + { + "name": "ibm-infosphere-cve20181518-info-disc(141682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141682" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1786.json b/2018/1xxx/CVE-2018-1786.json index a5cecfd4a87..591071f91a0 100644 --- a/2018/1xxx/CVE-2018-1786.json +++ b/2018/1xxx/CVE-2018-1786.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-11-08T00:00:00", - "ID" : "CVE-2018-1786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Protect", - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "L", - "AC" : "L", - "AV" : "N", - "C" : "N", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.300", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-11-08T00:00:00", + "ID": "CVE-2018-1786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect", + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738765", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738765" - }, - { - "name" : "105940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105940" - }, - { - "name" : "ibm-tivoli-cve20181786-dos(148871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "L", + "AC": "L", + "AV": "N", + "C": "N", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "5.300", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-tivoli-cve20181786-dos(148871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10738765", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765" + }, + { + "name": "105940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105940" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1836.json b/2018/1xxx/CVE-2018-1836.json index 2d626a09651..20fe9f15cf1 100644 --- a/2018/1xxx/CVE-2018-1836.json +++ b/2018/1xxx/CVE-2018-1836.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1836", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1836", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5114.json b/2018/5xxx/CVE-2018-5114.json index ba28608125c..a3f7a238220 100644 --- a/2018/5xxx/CVE-2018-5114.json +++ b/2018/5xxx/CVE-2018-5114.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "58" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "If an existing cookie is changed to be \"HttpOnly\" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "The old value of a cookie changed to HttpOnly remains accessible to scripts" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "58" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1421324", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1421324" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/" - }, - { - "name" : "USN-3544-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3544-1/" - }, - { - "name" : "102786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102786" - }, - { - "name" : "1040270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "If an existing cookie is changed to be \"HttpOnly\" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The old value of a cookie changed to HttpOnly remains accessible to scripts" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040270" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1421324", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1421324" + }, + { + "name": "USN-3544-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3544-1/" + }, + { + "name": "102786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102786" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5254.json b/2018/5xxx/CVE-2018-5254.json index 154a10c75bf..16c482f229a 100644 --- a/2018/5xxx/CVE-2018-5254.json +++ b/2018/5xxx/CVE-2018-5254.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.arista.com/en/support/advisories-notices/security-advisories/4403-security-advisory-33", - "refsource" : "CONFIRM", - "url" : "https://www.arista.com/en/support/advisories-notices/security-advisories/4403-security-advisory-33" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/4403-security-advisory-33", + "refsource": "CONFIRM", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4403-security-advisory-33" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5352.json b/2018/5xxx/CVE-2018-5352.json index fbcbbe58fd7..b9a6df06d7e 100644 --- a/2018/5xxx/CVE-2018-5352.json +++ b/2018/5xxx/CVE-2018-5352.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5623.json b/2018/5xxx/CVE-2018-5623.json index a5743624632..2f61ed53e05 100644 --- a/2018/5xxx/CVE-2018-5623.json +++ b/2018/5xxx/CVE-2018-5623.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5623", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5623", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5869.json b/2018/5xxx/CVE-2018-5869.json index 0e027585c1d..1012acc5884 100644 --- a/2018/5xxx/CVE-2018-5869.json +++ b/2018/5xxx/CVE-2018-5869.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-5869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile,Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-5869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile,Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "106128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "106128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106128" + } + ] + } +} \ No newline at end of file