From 0916d537347fdec439c1c5c140cc5ca5f6e47a9d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 05:41:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0071.json | 220 ++++++++--------- 2008/0xxx/CVE-2008-0109.json | 220 ++++++++--------- 2008/0xxx/CVE-2008-0377.json | 150 ++++++------ 2008/0xxx/CVE-2008-0649.json | 130 +++++----- 2008/1xxx/CVE-2008-1037.json | 160 ++++++------- 2008/1xxx/CVE-2008-1104.json | 210 ++++++++-------- 2008/1xxx/CVE-2008-1204.json | 160 ++++++------- 2008/1xxx/CVE-2008-1969.json | 160 ++++++------- 2008/4xxx/CVE-2008-4094.json | 260 ++++++++++---------- 2008/4xxx/CVE-2008-4631.json | 160 ++++++------- 2008/5xxx/CVE-2008-5176.json | 180 +++++++------- 2008/5xxx/CVE-2008-5322.json | 150 ++++++------ 2008/5xxx/CVE-2008-5454.json | 160 ++++++------- 2013/0xxx/CVE-2013-0463.json | 130 +++++----- 2013/3xxx/CVE-2013-3131.json | 150 ++++++------ 2013/3xxx/CVE-2013-3288.json | 120 +++++----- 2013/3xxx/CVE-2013-3444.json | 200 ++++++++-------- 2013/3xxx/CVE-2013-3589.json | 130 +++++----- 2013/3xxx/CVE-2013-3667.json | 150 ++++++------ 2013/3xxx/CVE-2013-3678.json | 180 +++++++------- 2013/3xxx/CVE-2013-3703.json | 180 +++++++------- 2013/4xxx/CVE-2013-4102.json | 34 +-- 2013/4xxx/CVE-2013-4477.json | 150 ++++++------ 2013/4xxx/CVE-2013-4711.json | 150 ++++++------ 2013/4xxx/CVE-2013-4771.json | 34 +-- 2013/4xxx/CVE-2013-4866.json | 170 ++++++------- 2013/6xxx/CVE-2013-6196.json | 180 +++++++------- 2013/6xxx/CVE-2013-6248.json | 34 +-- 2013/7xxx/CVE-2013-7229.json | 34 +-- 2013/7xxx/CVE-2013-7385.json | 120 +++++----- 2017/10xxx/CVE-2017-10341.json | 152 ++++++------ 2017/10xxx/CVE-2017-10585.json | 34 +-- 2017/10xxx/CVE-2017-10768.json | 120 +++++----- 2017/10xxx/CVE-2017-10851.json | 130 +++++----- 2017/10xxx/CVE-2017-10905.json | 130 +++++----- 2017/12xxx/CVE-2017-12518.json | 142 +++++------ 2017/12xxx/CVE-2017-12993.json | 180 +++++++------- 2017/13xxx/CVE-2017-13009.json | 180 +++++++------- 2017/13xxx/CVE-2017-13854.json | 150 ++++++------ 2017/13xxx/CVE-2017-13962.json | 34 
+-- 2017/17xxx/CVE-2017-17000.json | 34 +-- 2017/17xxx/CVE-2017-17027.json | 132 +++++------ 2017/17xxx/CVE-2017-17259.json | 34 +-- 2017/17xxx/CVE-2017-17395.json | 34 +-- 2018/0xxx/CVE-2018-0339.json | 140 +++++------ 2018/18xxx/CVE-2018-18298.json | 34 +-- 2018/18xxx/CVE-2018-18595.json | 34 +-- 2018/18xxx/CVE-2018-18765.json | 130 +++++----- 2018/19xxx/CVE-2018-19068.json | 120 +++++----- 2018/19xxx/CVE-2018-19177.json | 34 +-- 2018/19xxx/CVE-2018-19738.json | 34 +-- 2018/19xxx/CVE-2018-19869.json | 130 +++++----- 2018/19xxx/CVE-2018-19872.json | 83 +++++-- 2018/1xxx/CVE-2018-1013.json | 422 ++++++++++++++++----------------- 2018/1xxx/CVE-2018-1042.json | 130 +++++----- 2018/1xxx/CVE-2018-1405.json | 226 +++++++++--------- 2018/5xxx/CVE-2018-5572.json | 34 +-- 2018/5xxx/CVE-2018-5744.json | 34 +-- 58 files changed, 3793 insertions(+), 3744 deletions(-) diff --git a/2008/0xxx/CVE-2008-0071.json b/2008/0xxx/CVE-2008-0071.json index 0d2f0e192f3..47f5fd3f4f2 100644 --- a/2008/0xxx/CVE-2008-0071.json +++ b/2008/0xxx/CVE-2008-0071.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-0071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 Secunia Research: uTorrent / BitTorrent Web UI HTTP \"Range\" Header DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493269/100/0/threaded" - }, - { - "name" : "5918", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5918" - }, - { - "name" : "http://secunia.com/secunia_research/2008-7/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-7/advisory/" - }, - { - "name" : "29661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29661" - }, - { - "name" : "ADV-2008-1808", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/1808" - }, - { - "name" : "ADV-2008-1809", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1809" - }, - { - "name" : "1020266", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020266" - }, - { - "name" : "1020265", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020265" - }, - { - "name" : "28703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28703" - }, - { - "name" : "30605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30605" - }, - { - "name" : "3943", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3943", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3943" + }, + { + "name": "28703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28703" + }, + { + "name": "http://secunia.com/secunia_research/2008-7/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-7/advisory/" + }, + { + "name": "29661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29661" + }, + { + "name": "ADV-2008-1809", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1809" + }, + { + "name": "30605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30605" + }, + { + "name": "ADV-2008-1808", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1808" + }, + { + "name": "1020266", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020266" + }, + { + "name": "20080611 Secunia Research: uTorrent / BitTorrent Web UI HTTP \"Range\" Header DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493269/100/0/threaded" + }, + { + "name": "1020265", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020265" + }, + { + "name": "5918", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5918" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0109.json b/2008/0xxx/CVE-2008-0109.json index 055a1bc3e1f..e9ae19e5b6f 100644 --- a/2008/0xxx/CVE-2008-0109.json +++ b/2008/0xxx/CVE-2008-0109.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-0109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080213 [Reversemode Advisory] February Advisories : Microsoft Word 2003 + Fortinet Forticlient", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488071/100/0/threaded" - }, - { - "name" : "HPSBST02314", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120361015026386&w=2" - }, - { - "name" : "SSRT080016", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120361015026386&w=2" - }, - { - "name" : "MS08-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-009" - }, - { - "name" : "TA08-043C", - "refsource" : "CERT", - 
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" - }, - { - "name" : "VU#692417", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/692417" - }, - { - "name" : "27656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27656" - }, - { - "name" : "ADV-2008-0511", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0511/references" - }, - { - "name" : "oval:org.mitre.oval:def:5073", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5073" - }, - { - "name" : "1019374", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019374" - }, - { - "name" : "28901", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS08-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-009" + }, + { + "name": "27656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27656" + }, + { + "name": "ADV-2008-0511", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0511/references" + }, + { + "name": "28901", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28901" + }, + { + "name": "HPSBST02314", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2" + }, + { + "name": "VU#692417", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/692417" + }, + { + "name": "20080213 [Reversemode Advisory] February Advisories : Microsoft Word 2003 + Fortinet Forticlient", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488071/100/0/threaded" + }, + { + "name": "SSRT080016", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2" + }, + { + "name": "TA08-043C", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" + }, + { + "name": "1019374", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019374" + }, + { + "name": "oval:org.mitre.oval:def:5073", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5073" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0377.json b/2008/0xxx/CVE-2008-0377.json index fc3c2b17da6..317f4a5f3f9 100644 --- a/2008/0xxx/CVE-2008-0377.json +++ b/2008/0xxx/CVE-2008-0377.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080115 MicroNews Admin Direct Access vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486349/100/0/threaded" - }, - { - "name" : "27288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27288" - }, - { - "name" : "3556", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3556" - }, - { - "name" : "micronews-admin-authentication-bypass(39702)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MicroNews allows remote attackers to bypass authentication and gain administrative privileges 
via a direct request to admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080115 MicroNews Admin Direct Access vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486349/100/0/threaded" + }, + { + "name": "27288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27288" + }, + { + "name": "micronews-admin-authentication-bypass(39702)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39702" + }, + { + "name": "3556", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3556" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0649.json b/2008/0xxx/CVE-2008-0649.json index 15c64fa9b37..9dc4b270273 100644 --- a/2008/0xxx/CVE-2008-0649.json +++ b/2008/0xxx/CVE-2008-0649.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5071", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5071" - }, - { - "name" : "27646", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27646" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5071", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5071" + }, + { + "name": "27646", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27646" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1037.json b/2008/1xxx/CVE-2008-1037.json index d1b6ecf3043..7aa5eab265f 100644 --- a/2008/1xxx/CVE-2008-1037.json +++ b/2008/1xxx/CVE-2008-1037.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080224 Packeteer Products File Listing XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488712/100/0/threaded" - }, - { - "name" : "27982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27982" - }, - { - "name" : "1019501", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019501" - }, - { - "name" : "29119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29119" - }, - { - "name" : "3701", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3701" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29119" + }, + { + "name": "27982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27982" + }, + { + "name": "20080224 Packeteer Products File Listing XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488712/100/0/threaded" + }, + { + "name": "1019501", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019501" + }, + { + "name": "3701", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3701" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1104.json b/2008/1xxx/CVE-2008-1104.json index 34c5d359238..4469ed55acd 100644 --- a/2008/1xxx/CVE-2008-1104.json +++ b/2008/1xxx/CVE-2008-1104.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-1104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080520 Secunia Research: Foxit Reader \"util.printf()\" Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492289/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2008-18/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-18/advisory/" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801" - }, - { - "name" : "VU#119747", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/119747" - }, - { - 
"name" : "29288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29288" - }, - { - "name" : "ADV-2008-1572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1572" - }, - { - "name" : "1020050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020050" - }, - { - "name" : "29941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29941" - }, - { - "name" : "3899", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3899" - }, - { - "name" : "foxitreader-utilprintf-bo(42531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "foxitreader-utilprintf-bo(42531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42531" + }, + { + "name": "20080520 Secunia Research: Foxit Reader \"util.printf()\" Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492289/100/0/threaded" + }, + { + "name": "1020050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020050" + }, + { + "name": "VU#119747", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/119747" + }, + { + "name": "ADV-2008-1572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1572" + }, + { + "name": "http://secunia.com/secunia_research/2008-18/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-18/advisory/" + }, + { + "name": "29288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29288" + }, + { + "name": "29941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29941" + }, + { + "name": "3899", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3899" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1204.json b/2008/1xxx/CVE-2008-1204.json index 4a258cc26ea..fa6945e754c 100644 --- a/2008/1xxx/CVE-2008-1204.json +++ b/2008/1xxx/CVE-2008-1204.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "201251", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1" - }, - { - "name" : "28113", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28113" - }, - { - "name" : "ADV-2008-0784", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0784" - }, - { - "name" : "29252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29252" - }, - { - "name" : "sun-jsam-adminconsole-xss(41024)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28113", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28113" + }, + { + "name": "sun-jsam-adminconsole-xss(41024)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41024" + }, + { + "name": "29252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29252" + }, + { + "name": "201251", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1" + }, + { + "name": "ADV-2008-0784", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0784" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1969.json b/2008/1xxx/CVE-2008-1969.json index 367c3e81401..dec2f047708 100644 --- a/2008/1xxx/CVE-2008-1969.json +++ b/2008/1xxx/CVE-2008-1969.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles parameters to (b) CznCommon/CznCustomContainer.asp, (7) CFTARGET parameter to (c) home.asp, (8) PersonOid parameter to (d) PeopleWeb/Cards/CVCard.asp, (9) DESTLINKOID and PersonOID parameters to (e) PeopleWeb/Cards/PayrollCard.asp, and the (10) FolderTemplateId and (11) FolderTemplateName parameters to (f) PeopleWeb/CznDocFolder/CznDFStartProcess.asp." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080414 S21SEC-042-en:Cezanne SW Cross-Site Scripting (login required)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490846/100/0/threaded" - }, - { - "name" : "http://www.s21sec.com/es/avisos/s21sec-042-en.txt", - "refsource" : "MISC", - "url" : "http://www.s21sec.com/es/avisos/s21sec-042-en.txt" - }, - { - "name" : "28772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28772" - }, - { - "name" : "3829", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3829" - }, - { - "name" : "cezanne-multiple-xss(41821)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles parameters to (b) CznCommon/CznCustomContainer.asp, (7) CFTARGET parameter to (c) home.asp, (8) PersonOid parameter to (d) PeopleWeb/Cards/CVCard.asp, (9) DESTLINKOID and PersonOID parameters to (e) PeopleWeb/Cards/PayrollCard.asp, and the (10) FolderTemplateId and (11) FolderTemplateName parameters to (f) 
PeopleWeb/CznDocFolder/CznDFStartProcess.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28772" + }, + { + "name": "20080414 S21SEC-042-en:Cezanne SW Cross-Site Scripting (login required)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490846/100/0/threaded" + }, + { + "name": "cezanne-multiple-xss(41821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41821" + }, + { + "name": "3829", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3829" + }, + { + "name": "http://www.s21sec.com/es/avisos/s21sec-042-en.txt", + "refsource": "MISC", + "url": "http://www.s21sec.com/es/avisos/s21sec-042-en.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4094.json b/2008/4xxx/CVE-2008-4094.json index 7bd99fe723b..d585101f386 100644 --- a/2008/4xxx/CVE-2008-4094.json +++ b/2008/4xxx/CVE-2008-4094.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080913 CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/13/2" - }, - { - "name" : "[oss-security] 20080915 Re: CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/16/1" - }, - { - "name" : "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", - "refsource" : "MISC", - "url" : "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" - }, - { - "name" : 
"http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/", - "refsource" : "MISC", - "url" : "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/" - }, - { - "name" : "http://rails.lighthouseapp.com/projects/8994/tickets/288", - "refsource" : "CONFIRM", - "url" : "http://rails.lighthouseapp.com/projects/8994/tickets/288" - }, - { - "name" : "http://rails.lighthouseapp.com/projects/8994/tickets/964", - "refsource" : "CONFIRM", - "url" : "http://rails.lighthouseapp.com/projects/8994/tickets/964" - }, - { - "name" : "http://gist.github.com/8946", - "refsource" : "CONFIRM", - "url" : "http://gist.github.com/8946" - }, - { - "name" : "SUSE-SR:2008:027", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" - }, - { - "name" : "31176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31176" - }, - { - "name" : "1020871", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020871" - }, - { - "name" : "ADV-2008-2562", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2562" - }, - { - "name" : "31875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31875" - }, - { - "name" : "31909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31909" - }, - { - "name" : "31910", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31910" - }, - { - "name" : "rubyonrails-activerecord-sql-injection(45109)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, 
related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gist.github.com/8946", + "refsource": "CONFIRM", + "url": "http://gist.github.com/8946" + }, + { + "name": "rubyonrails-activerecord-sql-injection(45109)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109" + }, + { + "name": "[oss-security] 20080913 CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/13/2" + }, + { + "name": "http://rails.lighthouseapp.com/projects/8994/tickets/964", + "refsource": "CONFIRM", + "url": "http://rails.lighthouseapp.com/projects/8994/tickets/964" + }, + { + "name": "http://rails.lighthouseapp.com/projects/8994/tickets/288", + "refsource": "CONFIRM", + "url": "http://rails.lighthouseapp.com/projects/8994/tickets/288" + }, + { + "name": "31875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31875" + }, + { + "name": "SUSE-SR:2008:027", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" + }, + { + "name": "31910", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31910" + }, + { + "name": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", + "refsource": "MISC", + "url": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" + }, + { + "name": "1020871", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020871" + }, + { + "name": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/", + "refsource": "MISC", + "url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/" + }, + { + "name": 
"[oss-security] 20080915 Re: CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/16/1" + }, + { + "name": "31176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31176" + }, + { + "name": "31909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31909" + }, + { + "name": "ADV-2008-2562", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2562" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4631.json b/2008/4xxx/CVE-2008-4631.json index 62003a39838..a6701827b36 100644 --- a/2008/4xxx/CVE-2008-4631.json +++ b/2008/4xxx/CVE-2008-4631.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Message::AddToString function in message/Message.cpp in MUSCLE before 4.40 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted message. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://public.msli.com/lcs/muscle/muscle/HISTORY.txt", - "refsource" : "CONFIRM", - "url" : "https://public.msli.com/lcs/muscle/muscle/HISTORY.txt" - }, - { - "name" : "31822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31822" - }, - { - "name" : "32318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32318" - }, - { - "name" : "ADV-2008-2869", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2869" - }, - { - "name" : "muscle-messageaddtostring-bo(45959)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/45959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Message::AddToString function in message/Message.cpp in MUSCLE before 4.40 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted message. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31822" + }, + { + "name": "https://public.msli.com/lcs/muscle/muscle/HISTORY.txt", + "refsource": "CONFIRM", + "url": "https://public.msli.com/lcs/muscle/muscle/HISTORY.txt" + }, + { + "name": "muscle-messageaddtostring-bo(45959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45959" + }, + { + "name": "32318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32318" + }, + { + "name": "ADV-2008-2869", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2869" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5176.json b/2008/5xxx/CVE-2008-5176.json index 31cb26ffab8..44a3327b85c 100644 --- a/2008/5xxx/CVE-2008-5176.json +++ b/2008/5xxx/CVE-2008-5176.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080204 Multiple vulnerabilities in WinCom LPD Total 3.0.2.623", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487507/100/200/threaded" - }, - { - "name" : "http://aluigi.org/adv/wincomalpd-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/wincomalpd-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/wincomalpd.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/wincomalpd.zip" - }, - { - "name" : "27614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27614" - }, - { - "name" : "ADV-2008-0410", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/0410" - }, - { - "name" : "28763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28763" - }, - { - "name" : "4610", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.org/adv/wincomalpd-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/wincomalpd-adv.txt" + }, + { + "name": "20080204 Multiple vulnerabilities in WinCom LPD Total 3.0.2.623", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487507/100/200/threaded" + }, + { + "name": "ADV-2008-0410", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0410" + }, + { + "name": "28763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28763" + }, + { + "name": "27614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27614" + }, + { + "name": "4610", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4610" + }, + { + "name": "http://aluigi.org/poc/wincomalpd.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/wincomalpd.zip" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5322.json b/2008/5xxx/CVE-2008-5322.json index b4acfe2504a..1040dc0e9e1 100644 --- a/2008/5xxx/CVE-2008-5322.json 
+++ b/2008/5xxx/CVE-2008-5322.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6042", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6042" - }, - { - "name" : "http://packetstormsecurity.org/0810-exploits/wysiwikiwyg-lfixssdisclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0810-exploits/wysiwikiwyg-lfixssdisclose.txt" - }, - { - "name" : "31061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31061" - }, - { - "name" : "wysiwikiwyg-categup-info-disclosure(47105)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wysi Wiki Wyg 1.0 allows remote 
attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0810-exploits/wysiwikiwyg-lfixssdisclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0810-exploits/wysiwikiwyg-lfixssdisclose.txt" + }, + { + "name": "wysiwikiwyg-categup-info-disclosure(47105)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47105" + }, + { + "name": "31061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31061" + }, + { + "name": "6042", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6042" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5454.json b/2008/5xxx/CVE-2008-5454.json index 0bda0cb84a8..8cad5ffca81 100644 --- a/2008/5xxx/CVE-2008-5454.json +++ b/2008/5xxx/CVE-2008-5454.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the iProcurement component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-5454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "1021568", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021568" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the iProcurement component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + }, + { + "name": "1021568", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021568" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0463.json b/2013/0xxx/CVE-2013-0463.json index 4737b8a241a..2ddd510878c 100644 --- a/2013/0xxx/CVE-2013-0463.json +++ b/2013/0xxx/CVE-2013-0463.json 
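Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `secalert_us@oracle.com`, but it sits inside a whole-file rewrite that also turns `"key" : ` into `"key": `, re-indents every line and reorders `reference_data`, so the one provenance change cannot be picked out from the diff or from the subject "-Synchronized-Data.". The same holds for the hunks for CVE-2013-0463 (`psirt@us.ibm.com`), CVE-2013-3131 (`secure@microsoft.com`) and CVE-2013-3288 (`security_alert@emc.com`), while CVE-2008-4094, CVE-2008-4631, CVE-2008-5176 and CVE-2008-5322 keep `cve@mitre.org`. Anyone who keys triage or trust decisions on the assigning CNA would want the `ASSIGNER` updates in a commit separate from the formatting pass, or at least named in the message. The new `reference_data` order follows no visible sort key (SECUNIA, VUPEN, CONFIRM, BID, SECTRACK here), so it will presumably churn again on the next sync, and the file now ends with `}` and no trailing newline.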
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" - }, - { - "name" : "sterling-b2b-cve20130463-infodisc(81017)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users 
to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" + }, + { + "name": "sterling-b2b-cve20130463-infodisc(81017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81017" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3131.json b/2013/3xxx/CVE-2013-3131.json index a504a5a8320..bd3a2120535 100644 --- a/2013/3xxx/CVE-2013-3131.json +++ b/2013/3xxx/CVE-2013-3131.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka \"Array Access Violation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-052" - }, - { - "name" : "TA13-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A" - }, - { - "name" : "oval:org.mitre.oval:def:17032", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17032" - }, - { - "name" : "oval:org.mitre.oval:def:17261", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka \"Array Access Violation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-052" + }, + { + "name": "oval:org.mitre.oval:def:17032", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17032" + }, + { + "name": "oval:org.mitre.oval:def:17261", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17261" + }, + { + "name": "TA13-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-190A" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3288.json b/2013/3xxx/CVE-2013-3288.json index cb5e954dc4a..24804ebc174 100644 --- a/2013/3xxx/CVE-2013-3288.json +++ b/2013/3xxx/CVE-2013-3288.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protection Manager (DPM) appliance 3.2.x before 3.2.4.2 and 3.5.x before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-3288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protection Manager (DPM) appliance 3.2.x before 3.2.4.2 and 3.5.x before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3444.json b/2013/3xxx/CVE-2013-3444.json index b955cad2d0e..7c5ce1a70dd 100644 --- a/2013/3xxx/CVE-2013-3444.json +++ b/2013/3xxx/CVE-2013-3444.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130731 Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm" - }, - { - "name" : "61543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61543" - }, - { - "name" : "1028852", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028852" - }, - { - "name" : "1028853", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028853" - }, - { - "name" : "54367", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54367" - }, - { - "name" : "54369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54369" - }, - { - "name" : "54370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54370" - }, - { - "name" : "54372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54372" - }, - { - "name" : "multiple-cisco-cve20133444-command-exec(86122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS 
Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1028852", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028852" + }, + { + "name": "20130731 Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm" + }, + { + "name": "54367", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54367" + }, + { + "name": "multiple-cisco-cve20133444-command-exec(86122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86122" + }, + { + "name": "54372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54372" + }, + { + "name": "61543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61543" + }, + { + "name": "54370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54370" + }, + { + "name": "54369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54369" + }, + { + "name": "1028853", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028853" + } + ] + } +} \ No newline at end of file 
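Review bot: The nine `reference_data` entries come out in a different order with no visible sort key (the `SECTRACK` entry `1028852` now precedes the `CISCO` advisory, and `1028853` is last), while their contents look unchanged. With an unstable order, a later sync that really adds or drops an advisory link looks the same in a text diff as another reshuffle. Emitting the array sorted on a stable key, such as `refsource` then `name`, would limit these hunks to real changes. The hunks for CVE-2013-3667, CVE-2013-3678, CVE-2013-4477, CVE-2013-4711, CVE-2013-4866 and CVE-2013-6196 show the same reshuffle.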
diff --git a/2013/3xxx/CVE-2013-3589.json b/2013/3xxx/CVE-2013-3589.json index ec4dbab3cb6..4e19a00d7e1 100644 --- a/2013/3xxx/CVE-2013-3589.json +++ b/2013/3xxx/CVE-2013-3589.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/BLUU-997QVW", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/BLUU-997QVW" - }, - { - "name" : "VU#920038", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/920038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote 
attackers to inject arbitrary web script or HTML via the ErrorMsg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/BLUU-997QVW", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW" + }, + { + "name": "VU#920038", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/920038" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3667.json b/2013/3xxx/CVE-2013-3667.json index db1e36265e6..a6bad094805 100644 --- a/2013/3xxx/CVE-2013-3667.json +++ b/2013/3xxx/CVE-2013-3667.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform \"tampering or corruption\" of the updates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.barebones.com/support/bbedit/arch_bbedit1055.html", - "refsource" : "CONFIRM", - "url" : "http://www.barebones.com/support/bbedit/arch_bbedit1055.html" - }, - { - "name" : "http://www.barebones.com/support/textwrangler/notes_tw453.html", - "refsource" : "CONFIRM", - "url" : "http://www.barebones.com/support/textwrangler/notes_tw453.html" - }, - { - "name" : "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html", - "refsource" : "CONFIRM", - "url" : "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html" - }, - { - "name" : "https://groups.google.com/forum/#!msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ", - "refsource" : 
"CONFIRM", - "url" : "https://groups.google.com/forum/#!msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform \"tampering or corruption\" of the updates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html", + "refsource": "CONFIRM", + "url": "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html" + }, + { + "name": "http://www.barebones.com/support/bbedit/arch_bbedit1055.html", + "refsource": "CONFIRM", + "url": "http://www.barebones.com/support/bbedit/arch_bbedit1055.html" + }, + { + "name": "https://groups.google.com/forum/#!msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ" + }, + { + "name": "http://www.barebones.com/support/textwrangler/notes_tw453.html", + "refsource": "CONFIRM", + "url": "http://www.barebones.com/support/textwrangler/notes_tw453.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3678.json b/2013/3xxx/CVE-2013-3678.json index 612ebd0525e..71d8f9a2a1d 100644 --- a/2013/3xxx/CVE-2013-3678.json +++ b/2013/3xxx/CVE-2013-3678.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141112 [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533965/100/0/threaded" - }, - { - "name" : "20141112 [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/25" - }, - { - "name" : "http://packetstormsecurity.com/files/129083/SAP-GRC-Bypass-Privilege-Escalation-Program-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129083/SAP-GRC-Bypass-Privilege-Escalation-Program-Execution.html" - }, - 
{ - "name" : "http://www.esnc.de/security-advisories/security-vulnerability-in-sap-grc-access-control", - "refsource" : "MISC", - "url" : "http://www.esnc.de/security-advisories/security-vulnerability-in-sap-grc-access-control" - }, - { - "name" : "https://service.sap.com/sap/support/notes/2039348", - "refsource" : "MISC", - "url" : "https://service.sap.com/sap/support/notes/2039348" - }, - { - "name" : "71055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71055" - }, - { - "name" : "sapgrc-cve20133678-priv-esc(98637)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71055" + }, + { + "name": "20141112 [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533965/100/0/threaded" + }, + { + "name": "https://service.sap.com/sap/support/notes/2039348", + "refsource": "MISC", + "url": "https://service.sap.com/sap/support/notes/2039348" + }, + { + "name": "http://packetstormsecurity.com/files/129083/SAP-GRC-Bypass-Privilege-Escalation-Program-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129083/SAP-GRC-Bypass-Privilege-Escalation-Program-Execution.html" + }, + { + "name": "sapgrc-cve20133678-priv-esc(98637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98637" + }, + { + "name": "http://www.esnc.de/security-advisories/security-vulnerability-in-sap-grc-access-control", + "refsource": "MISC", + "url": "http://www.esnc.de/security-advisories/security-vulnerability-in-sap-grc-access-control" + }, + { + "name": "20141112 [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/25" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3703.json b/2013/3xxx/CVE-2013-3703.json index 6829abd3981..bb9d997ec90 100644 --- a/2013/3xxx/CVE-2013-3703.json +++ b/2013/3xxx/CVE-2013-3703.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.de", - "DATE_PUBLIC" : "2013-07-05T00:00:00.000Z", - "ID" : "CVE-2013-3703", - "STATE" : "PUBLIC", - "TITLE" : "No write permission check in change_role command" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Open Build Service", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "2.4.4" - } - ] - } - } - ] - }, - "vendor_name" : "openSUSE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-862" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2013-07-05T00:00:00.000Z", + "ID": "CVE-2013-3703", + "STATE": "PUBLIC", + "TITLE": "No write permission check in change_role command" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Open Build Service", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - 
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=828256", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=828256" - }, - { - "name" : "https://github.com/openSUSE/open-build-service/commit/06ad7fdbdd7eb2fef8947d14c4cdd00d8f6387b1", - "refsource" : "CONFIRM", - "url" : "https://github.com/openSUSE/open-build-service/commit/06ad7fdbdd7eb2fef8947d14c4cdd00d8f6387b1" - } - ] - }, - "source" : { - "defect" : [ - "828256" - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=828256", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=828256" + }, + { + "name": "https://github.com/openSUSE/open-build-service/commit/06ad7fdbdd7eb2fef8947d14c4cdd00d8f6387b1", + "refsource": "CONFIRM", + "url": "https://github.com/openSUSE/open-build-service/commit/06ad7fdbdd7eb2fef8947d14c4cdd00d8f6387b1" + } + ] + }, + "source": { + "defect": [ + "828256" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file 
diff --git a/2013/4xxx/CVE-2013-4102.json b/2013/4xxx/CVE-2013-4102.json index 543236c7fe4..51612fa364e 100644 --- a/2013/4xxx/CVE-2013-4102.json +++ b/2013/4xxx/CVE-2013-4102.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4102", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4102", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4477.json b/2013/4xxx/CVE-2013-4477.json index 4dbd87db078..3c874b3ec1b 100644 --- a/2013/4xxx/CVE-2013-4477.json +++ b/2013/4xxx/CVE-2013-4477.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131030 [OSSA 2013-028] Unintentional role granting with Keystone LDAP backend (CVE-2013-4477)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/30/6" - }, - { - "name" : "https://bugs.launchpad.net/keystone/+bug/1242855", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/keystone/+bug/1242855" - }, - { - "name" : "RHSA-2014:0113", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0113.html" - }, - { - "name" : "USN-2034-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2034-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131030 [OSSA 2013-028] Unintentional role granting with Keystone LDAP backend (CVE-2013-4477)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/30/6" + }, + { + "name": "USN-2034-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2034-1" + }, + { + "name": "RHSA-2014:0113", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0113.html" + }, + { + "name": "https://bugs.launchpad.net/keystone/+bug/1242855", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/keystone/+bug/1242855" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4711.json b/2013/4xxx/CVE-2013-4711.json index e4e28d32e0b..a8f6fa8a0f5 100644 --- a/2013/4xxx/CVE-2013-4711.json +++ b/2013/4xxx/CVE-2013-4711.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-4711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.accelatech.com/support/contents/patch.html", - "refsource" : "MISC", - "url" : "http://www.accelatech.com/support/contents/patch.html" - }, - { - "name" : "http://jvn.jp/en/jp/JVN33788325/995225/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN33788325/995225/index.html" - }, - { - "name" : "JVN#33788325", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN33788325/index.html" - }, - { - "name" : "JVNDB-2013-000094", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jvn.jp/en/jp/JVN33788325/995225/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN33788325/995225/index.html" + }, + { + "name": "JVN#33788325", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN33788325/index.html" + }, + { + "name": "JVNDB-2013-000094", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000094" + }, + { + "name": "http://www.accelatech.com/support/contents/patch.html", + "refsource": "MISC", + "url": "http://www.accelatech.com/support/contents/patch.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4771.json b/2013/4xxx/CVE-2013-4771.json index 85f057fedad..ab6c7d79b7e 100644 --- a/2013/4xxx/CVE-2013-4771.json +++ b/2013/4xxx/CVE-2013-4771.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4771", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4771", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4866.json b/2013/4xxx/CVE-2013-4866.json index f0b32e7ead9..7015a8641c8 100644 --- a/2013/4xxx/CVE-2013-4866.json +++ b/2013/4xxx/CVE-2013-4866.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130801 TWSL2013-020: Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Aug/18" - }, - { - "name" : "http://arstechnica.com/security/2013/08/holy-sht-smart-toilet-hack-attack/", - "refsource" : "MISC", - "url" : "http://arstechnica.com/security/2013/08/holy-sht-smart-toilet-hack-attack/" - }, - { - "name" : "http://packetstormsecurity.com/files/122655/LIXIL-Satis-Toilet-Hard-Coded-Bluetooth-PIN.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122655/LIXIL-Satis-Toilet-Hard-Coded-Bluetooth-PIN.html" - }, - { - "name" : 
"http://www.huffingtonpost.co.uk/2013/08/05/smart-toilet-could-attackmy-satis_n_3706116.html", - "refsource" : "MISC", - "url" : "http://www.huffingtonpost.co.uk/2013/08/05/smart-toilet-could-attackmy-satis_n_3706116.html" - }, - { - "name" : "http://www.independent.co.uk/life-style/gadgets-and-tech/features/now-even-toilets-arent-safe-from-hacking-8747232.html", - "refsource" : "MISC", - "url" : "http://www.independent.co.uk/life-style/gadgets-and-tech/features/now-even-toilets-arent-safe-from-hacking-8747232.html" - }, - { - "name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-020.txt", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-020.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-020.txt", + "refsource": "MISC", + "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-020.txt" + }, + { + "name": "20130801 TWSL2013-020: Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Aug/18" + }, + { + "name": "http://www.independent.co.uk/life-style/gadgets-and-tech/features/now-even-toilets-arent-safe-from-hacking-8747232.html", + "refsource": "MISC", + "url": "http://www.independent.co.uk/life-style/gadgets-and-tech/features/now-even-toilets-arent-safe-from-hacking-8747232.html" + }, + { + "name": "http://packetstormsecurity.com/files/122655/LIXIL-Satis-Toilet-Hard-Coded-Bluetooth-PIN.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122655/LIXIL-Satis-Toilet-Hard-Coded-Bluetooth-PIN.html" + }, + { + "name": "http://arstechnica.com/security/2013/08/holy-sht-smart-toilet-hack-attack/", + "refsource": "MISC", + "url": "http://arstechnica.com/security/2013/08/holy-sht-smart-toilet-hack-attack/" + }, + { + "name": "http://www.huffingtonpost.co.uk/2013/08/05/smart-toilet-could-attackmy-satis_n_3706116.html", + "refsource": "MISC", + "url": "http://www.huffingtonpost.co.uk/2013/08/05/smart-toilet-could-attackmy-satis_n_3706116.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6196.json b/2013/6xxx/CVE-2013-6196.json index 448e7d9b69d..9c04c156ac7 100644 --- a/2013/6xxx/CVE-2013-6196.json +++ b/2013/6xxx/CVE-2013-6196.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-6196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02950", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04041082" - }, - { - "name" : "SSRT101354", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04041082" - }, - { - "name" : "JVN#69700259", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN69700259/index.html" - }, - { - "name" : "JVNDB-2013-000126", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000126.html" - }, - { - "name" : "64458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64458" - }, - { - "name" : "1029522", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1029522" - }, - { - "name" : "hp-autonomy-cve20136196-xss(89939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029522", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029522" + }, + { + "name": "HPSBGN02950", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04041082" + }, + { + "name": "SSRT101354", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04041082" + }, + { + "name": "JVN#69700259", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN69700259/index.html" + }, + { + "name": "hp-autonomy-cve20136196-xss(89939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89939" + }, + { + "name": "JVNDB-2013-000126", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000126.html" + }, + { + "name": "64458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64458" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6248.json b/2013/6xxx/CVE-2013-6248.json index 819e6633f50..b6b58e3afb2 100644 --- a/2013/6xxx/CVE-2013-6248.json +++ b/2013/6xxx/CVE-2013-6248.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6248", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6248", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7229.json b/2013/7xxx/CVE-2013-7229.json index 607f1202fdb..f559defd084 100644 --- a/2013/7xxx/CVE-2013-7229.json +++ b/2013/7xxx/CVE-2013-7229.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7229", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7229", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7385.json b/2013/7xxx/CVE-2013-7385.json index 4c6672e7b19..25f13d88df0 100644 --- a/2013/7xxx/CVE-2013-7385.json +++ b/2013/7xxx/CVE-2013-7385.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code 
that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10341.json b/2017/10xxx/CVE-2017-10341.json index 8e7be3c1e42..c97f776028a 100644 --- a/2017/10xxx/CVE-2017-10341.json +++ b/2017/10xxx/CVE-2017-10341.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java Advanced Management Console: 2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java Advanced Management Console: 2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171019-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171019-0001/" - }, - { - "name" : "101451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101451" - }, - { - "name" : "1039596", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "1039596", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039596" + }, + { + "name": "101451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101451" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10585.json b/2017/10xxx/CVE-2017-10585.json index baa2d20c5eb..6d98b1bd701 100644 --- a/2017/10xxx/CVE-2017-10585.json +++ b/2017/10xxx/CVE-2017-10585.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10585", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10585", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10768.json b/2017/10xxx/CVE-2017-10768.json index 3d4e1d0985a..bd735031dec 100644 --- a/2017/10xxx/CVE-2017-10768.json +++ b/2017/10xxx/CVE-2017-10768.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at 
ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10851.json b/2017/10xxx/CVE-2017-10851.json index 55b3fcd807b..bc1d52ee9ff 100644 --- a/2017/10xxx/CVE-2017-10851.json +++ b/2017/10xxx/CVE-2017-10851.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer for ContentsBridge Utility for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "7.4.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Fuji Xerox Co.,Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer for ContentsBridge Utility for Windows", + "version": { + "version_data": [ + { + "version_value": "7.4.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Fuji Xerox Co.,Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html" - }, - { - "name" : "JVN#09769017", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN09769017/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#09769017", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN09769017/index.html" + }, + { + "name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html", + "refsource": "CONFIRM", + "url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10905.json b/2017/10xxx/CVE-2017-10905.json index 632f992d633..8a4e7cbce01 100644 --- a/2017/10xxx/CVE-2017-10905.json +++ b/2017/10xxx/CVE-2017-10905.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Qt for Android", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 5.9.3" - } - ] - } - } - ] - }, - "vendor_name" : "The Qt Company" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "External Control of Critical State Data" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Qt for Android", + "version": { + "version_data": [ + { + "version_value": "prior to 5.9.3" + } + ] + } + } + ] + }, + "vendor_name": "The Qt Company" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/", - "refsource" : "CONFIRM", - "url" : "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" - }, - { - "name" : "JVN#27342829", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN27342829/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "External Control of Critical State Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#27342829", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN27342829/index.html" + }, + { + "name": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/", + "refsource": "CONFIRM", + "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12518.json b/2017/12xxx/CVE-2017-12518.json index dee6ab5096e..8854924e526 100644 --- a/2017/12xxx/CVE-2017-12518.json +++ b/2017/12xxx/CVE-2017-12518.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12993.json b/2017/12xxx/CVE-2017-12993.json index eeea588be51..ce341b2c827 100644 --- a/2017/12xxx/CVE-2017-12993.json +++ b/2017/12xxx/CVE-2017-12993.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/b534e304568585707c4a92422aeca25cf908ff02", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/b534e304568585707c4a92422aeca25cf908ff02" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - 
"url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/b534e304568585707c4a92422aeca25cf908ff02", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/b534e304568585707c4a92422aeca25cf908ff02" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13009.json b/2017/13xxx/CVE-2017-13009.json index 153fa6e9927..e986b3d42c2 100644 --- a/2017/13xxx/CVE-2017-13009.json +++ b/2017/13xxx/CVE-2017-13009.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/db8c799f6dfc68765c9451fcbfca06e662f5bd5f", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/db8c799f6dfc68765c9451fcbfca06e662f5bd5f" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/db8c799f6dfc68765c9451fcbfca06e662f5bd5f", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/db8c799f6dfc68765c9451fcbfca06e662f5bd5f" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13854.json b/2017/13xxx/CVE-2017-13854.json index 41809a8a6f6..fa43758a495 100644 --- a/2017/13xxx/CVE-2017-13854.json +++ b/2017/13xxx/CVE-2017-13854.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208115", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208115" - }, - { - "name" : "https://support.apple.com/HT208144", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208144" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208144", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208144" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "https://support.apple.com/HT208115", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208115" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13962.json b/2017/13xxx/CVE-2017-13962.json index e04e0112623..febfcfc5280 100644 --- a/2017/13xxx/CVE-2017-13962.json +++ b/2017/13xxx/CVE-2017-13962.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13962", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13962", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17000.json b/2017/17xxx/CVE-2017-17000.json index 5c773d82d0c..62af6241ad4 100644 --- a/2017/17xxx/CVE-2017-17000.json +++ b/2017/17xxx/CVE-2017-17000.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17000", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17000", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17027.json b/2017/17xxx/CVE-2017-17027.json index 6920820a0b6..8f5669786f7 100644 --- a/2017/17xxx/CVE-2017-17027.json +++ b/2017/17xxx/CVE-2017-17027.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@qnapsecurity.com.tw", - "DATE_PUBLIC" : "2017-12-15T00:00:00", - "ID" : "CVE-2017-17027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QTS FTP service", - "version" : { - "version_data" : [ - { - "version_value" : "4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116" - } - ] - } - } - ] - }, - "vendor_name" : "QNAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@qnap.com", + "DATE_PUBLIC": "2017-12-15T00:00:00", + "ID": "CVE-2017-17027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QTS FTP service", + "version": { + "version_data": [ + { + "version_value": "4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116" + } + ] + } + } + ] + }, + "vendor_name": "QNAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15" - }, - { - "name" : "1040018", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040018", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040018" + }, + { + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17259.json b/2017/17xxx/CVE-2017-17259.json index 23e6d70b947..81d736b2677 100644 --- a/2017/17xxx/CVE-2017-17259.json +++ b/2017/17xxx/CVE-2017-17259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17259", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17259", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file 
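Review bot: The `version_value` on the new side of CVE-2017-17027 packs three QTS builds into one comma-separated string and omits the "and earlier" that the description states, so tooling that matches on `version_data` will not flag older builds as affected. I would emit one entry per build, for example `{ "version_value": "4.2.6 build 20171026" }`, and record the upper-bound meaning for each. The description leaves it unclear whether "and earlier" applies to all three branches, so the ranges should be confirmed against the QNAP advisory listed under `references`.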
diff --git a/2017/17xxx/CVE-2017-17395.json b/2017/17xxx/CVE-2017-17395.json index 89af9351000..0ebf1b89a08 100644 --- a/2017/17xxx/CVE-2017-17395.json +++ b/2017/17xxx/CVE-2017-17395.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17395", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17395", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0339.json b/2018/0xxx/CVE-2018-0339.json index 95d9aea31d3..ef37df167d0 100644 --- a/2018/0xxx/CVE-2018-0339.json +++ b/2018/0xxx/CVE-2018-0339.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Identity Services Engine unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Identity Services Engine unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Identity Services Engine unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss" - }, - { - "name" : "104424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104424" - }, - { - "name" : "1041066", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss" + }, + { + "name": "104424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104424" + }, + { + "name": "1041066", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041066" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18298.json b/2018/18xxx/CVE-2018-18298.json index 52fb3ef3723..eee5cf37bfb 100644 --- a/2018/18xxx/CVE-2018-18298.json +++ b/2018/18xxx/CVE-2018-18298.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18298", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18298", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/18xxx/CVE-2018-18595.json b/2018/18xxx/CVE-2018-18595.json index 679ef3b10f8..1f8ccb22c5d 100644 --- a/2018/18xxx/CVE-2018-18595.json +++ b/2018/18xxx/CVE-2018-18595.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18595", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18595", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18765.json b/2018/18xxx/CVE-2018-18765.json index 980a1e92cd3..d379b6bc52d 100644 --- a/2018/18xxx/CVE-2018-18765.json +++ b/2018/18xxx/CVE-2018-18765.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20mg_mqtt_next_subscribe_topic%20heap%20buffer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20mg_mqtt_next_subscribe_topic%20heap%20buffer%20overflow.md" - }, - { - "name" : "https://twitter.com/thracky/status/1059472674940993541", - "refsource" : "MISC", - 
"url" : "https://twitter.com/thracky/status/1059472674940993541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/thracky/status/1059472674940993541", + "refsource": "MISC", + "url": "https://twitter.com/thracky/status/1059472674940993541" + }, + { + "name": "https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20mg_mqtt_next_subscribe_topic%20heap%20buffer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/Cesanta%20Mongoose%20MQTT%20mg_mqtt_next_subscribe_topic%20heap%20buffer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19068.json b/2018/19xxx/CVE-2018-19068.json index c7107886860..44ac89e067a 100644 --- a/2018/19xxx/CVE-2018-19068.json +++ b/2018/19xxx/CVE-2018-19068.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", - "refsource" : "MISC", - "url" : "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", + "refsource": "MISC", + "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19177.json b/2018/19xxx/CVE-2018-19177.json index 10024cb3b3c..1ff8ef1deab 100644 --- a/2018/19xxx/CVE-2018-19177.json +++ b/2018/19xxx/CVE-2018-19177.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19177", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19177", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19738.json b/2018/19xxx/CVE-2018-19738.json index 0f9ed3998de..b1dbb435b18 100644 --- a/2018/19xxx/CVE-2018-19738.json +++ b/2018/19xxx/CVE-2018-19738.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19738", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19738", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19869.json b/2018/19xxx/CVE-2018-19869.json index ee14fd4170a..9949fca5559 100644 --- a/2018/19xxx/CVE-2018-19869.json +++ b/2018/19xxx/CVE-2018-19869.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", - "refsource" : "CONFIRM", - "url" : "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" - }, - { - "name" : "https://codereview.qt-project.org/#/c/234142/", - "refsource" : "CONFIRM", - "url" : "https://codereview.qt-project.org/#/c/234142/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codereview.qt-project.org/#/c/234142/", + "refsource": "CONFIRM", + "url": "https://codereview.qt-project.org/#/c/234142/" + }, + { + "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", + "refsource": "CONFIRM", + "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19872.json b/2018/19xxx/CVE-2018-19872.json index 1362619badd..56d6d623971 100644 --- a/2018/19xxx/CVE-2018-19872.json +++ b/2018/19xxx/CVE-2018-19872.json 
@@ -1,18 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19872", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19872", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugreports.qt.io/browse/QTBUG-69449", + "url": "https://bugreports.qt.io/browse/QTBUG-69449" + }, + { + "refsource": "CONFIRM", + "name": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important- security-updates/", + "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important- security-updates/" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1013.json b/2018/1xxx/CVE-2018-1013.json index 43a994d9dbf..e1911c3b372 100644 --- a/2018/1xxx/CVE-2018-1013.json +++ b/2018/1xxx/CVE-2018-1013.json 
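Review bot: The second entry added under `reference_data` for CVE-2018-19872 has a space inside the URL (`...released-important- security-updates/`) in both `name` and `url`, so the link does not resolve as written. The CVE-2018-19869 record in this same commit cites the same post as `https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/`. Using that exact string in both fields here (no space, https) would let tools that correlate or deduplicate advisories by reference URL treat the two records alike. The newly populated `affects` block also leaves `product_name`, `vendor_name` and `version_value` as `n/a` although the description names Qt 5.11, so consumers that match on `affects` will not tie this entry to Qt. That is presumably the feed's convention for these entries, but it is worth confirming.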
@@ -1,213 +1,213 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-1013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } 
- }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1511 for 32-bit Systems" - }, - { - "version_value" : "Version 1511 for x64-based Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka \"Microsoft Graphics Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-1013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": 
"x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1511 for 32-bit Systems" + }, + { + "version_value": "Version 1511 for x64-based Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1013", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1013" - }, - { - "name" : "103599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103599" - }, - { - "name" : "1040656", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka \"Microsoft Graphics Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, 
Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1013", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1013" + }, + { + "name": "103599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103599" + }, + { + "name": "1040656", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040656" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1042.json b/2018/1xxx/CVE-2018-1042.json index 0fc6aba73b7..6216f893043 100644 --- a/2018/1xxx/CVE-2018-1042.json +++ b/2018/1xxx/CVE-2018-1042.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2018-1042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moodle 3.x", - "version" : { - "version_data" : [ - { - "version_value" : "Moodle 3.x" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 3.x has Server Side Request Forgery in the filepicker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server Side Request Forgery" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-1042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moodle 3.x", + "version": { + "version_data": [ + { + "version_value": "Moodle 3.x" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=364381", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=364381" - }, - { - "name" : "102752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle 3.x has Server Side Request Forgery in the filepicker." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server Side Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=364381", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=364381" + }, + { + "name": "102752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102752" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1405.json b/2018/1xxx/CVE-2018-1405.json index f0ff4429c38..9f3e528ad3d 100644 --- a/2018/1xxx/CVE-2018-1405.json +++ b/2018/1xxx/CVE-2018-1405.json 
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-1405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "5.01" - }, - { - "version_value" : "5.02" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138441." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-1405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "5.01" + }, + { + "version_value": "5.02" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078" - }, - { - "name" : "ibm-rqm-cve20181405-xss(138441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138441." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rqm-cve20181405-xss(138441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138441" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733078", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733078" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5572.json b/2018/5xxx/CVE-2018-5572.json index efe3a0e3db5..678959b235f 100644 --- a/2018/5xxx/CVE-2018-5572.json +++ b/2018/5xxx/CVE-2018-5572.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5572", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5572", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5744.json b/2018/5xxx/CVE-2018-5744.json index 09cf1f71316..61521e037cd 100644 --- a/2018/5xxx/CVE-2018-5744.json +++ b/2018/5xxx/CVE-2018-5744.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5744", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5744", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file