diff --git a/2001/0xxx/CVE-2001-0012.json b/2001/0xxx/CVE-2001-0012.json index 3c858fd2ddd..070ff6b2a8c 100644 --- a/2001/0xxx/CVE-2001-0012.json +++ b/2001/0xxx/CVE-2001-0012.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010129 Vulnerabilities in BIND 4 and 8", - "refsource" : "NAI", - "url" : "http://www.nai.com/research/covert/advisories/047.asp" - }, - { - "name" : "CA-2001-02", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-02.html" - }, - { - "name" : "DSA-026", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-026" - }, - { - "name" : "RHSA-2001:007", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-007.html" - }, - { - "name" : "2321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2001:007", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-007.html" + }, + { + "name": "DSA-026", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-026" + }, + { + "name": "20010129 Vulnerabilities in BIND 4 and 8", + "refsource": "NAI", + "url": "http://www.nai.com/research/covert/advisories/047.asp" + }, + { + "name": "CA-2001-02", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-02.html" + }, + { + "name": "2321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2321" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0310.json b/2001/0xxx/CVE-2001-0310.json index 1eb499eee5c..fd54565390b 100644 --- a/2001/0xxx/CVE-2001-0310.json +++ b/2001/0xxx/CVE-2001-0310.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-01:13", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:13.sort.asc" - }, - { - "name" : "3960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3960" - }, - { - "name" : "sort-temp-file-abort(6038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3960" + }, + { + "name": "sort-temp-file-abort(6038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6038" + }, + { + "name": "FreeBSD-SA-01:13", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:13.sort.asc" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0674.json b/2001/0xxx/CVE-2001-0674.json index 97ec2fdfd13..ecd06ba2605 100644 --- a/2001/0xxx/CVE-2001-0674.json +++ b/2001/0xxx/CVE-2001-0674.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexadecimal encoded dot-dot attack (eg. http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010417 Advisory for Viking", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/177231" - }, - { - "name" : "http://www.robtex.com/viking/bugs.htm", - "refsource" : "CONFIRM", - "url" : "http://www.robtex.com/viking/bugs.htm" - }, - { - "name" : "viking-hex-directory-traversal(6394)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexadecimal encoded dot-dot attack (eg. http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "viking-hex-directory-traversal(6394)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6394" + }, + { + "name": "20010417 Advisory for Viking", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/177231" + }, + { + "name": "http://www.robtex.com/viking/bugs.htm", + "refsource": "CONFIRM", + "url": "http://www.robtex.com/viking/bugs.htm" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0147.json b/2008/0xxx/CVE-2008-0147.json index efadc29940c..43897488903 100644 --- a/2008/0xxx/CVE-2008-0147.json +++ b/2008/0xxx/CVE-2008-0147.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4863", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4863" - }, - { - "name" : "27180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27180" - }, - { - "name" : "28301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28301" - }, - { - "name" : "smallnuke-index-sql-injection(39525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27180" + }, + { + "name": "4863", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4863" + }, + { + "name": "28301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28301" + }, + { + "name": "smallnuke-index-sql-injection(39525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39525" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0198.json b/2008/0xxx/CVE-2008-0198.json index 2ec3323cda6..7bcb81bfcf6 100644 --- a/2008/0xxx/CVE-2008-0198.json +++ b/2008/0xxx/CVE-2008-0198.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485786/100/0/threaded" - }, - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" - }, - { - "name" : "http://securityvulns.ru/Sdocument546.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/Sdocument546.html" - }, - { - "name" : "http://securityvulns.ru/Sdocument667.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/Sdocument667.html" - }, - { - "name" : "http://websecurity.com.ua/1600/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/1600/" - }, - { - "name" : "http://websecurity.com.ua/1641/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/1641/" - }, - { - "name" : "3539", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityvulns.ru/Sdocument546.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/Sdocument546.html" + }, + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" + }, + { + "name": "http://websecurity.com.ua/1600/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/1600/" + }, + { + "name": "http://securityvulns.ru/Sdocument667.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/Sdocument667.html" + }, + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" + }, + { + "name": "3539", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3539" + }, + { + "name": "http://websecurity.com.ua/1641/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/1641/" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0341.json b/2008/0xxx/CVE-2008-0341.json index ebc8bef1268..fda0fab96e3 100644 --- a/2008/0xxx/CVE-2008-0341.json +++ b/2008/0xxx/CVE-2008-0341.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" - }, - { - "name" : "TA08-017A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-017A.html" - }, - { - "name" : "27229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27229" - }, - { - "name" : "ADV-2008-0150", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0150" - }, - { - "name" : "ADV-2008-0180", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0180" - }, - { - "name" : "1019218", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019218" - }, - { - "name" : "28518", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28518" - }, - { - "name" : "28556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019218", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019218" + }, + { + "name": "27229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27229" + }, + { + "name": "TA08-017A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html" + }, + { + "name": "ADV-2008-0150", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0150" + }, + { + "name": "ADV-2008-0180", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0180" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2" + }, + { + "name": "28556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28556" + }, + { + "name": "28518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28518" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1449.json b/2008/1xxx/CVE-2008-1449.json index 4e71879c734..fff379f02c1 100644 --- a/2008/1xxx/CVE-2008-1449.json +++ b/2008/1xxx/CVE-2008-1449.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1449", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-1449", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1562.json b/2008/1xxx/CVE-2008-1562.json index f6715240ba2..3ef54726f7d 100644 --- a/2008/1xxx/CVE-2008-1562.json +++ b/2008/1xxx/CVE-2008-1562.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080404 rPSA-2008-0138-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490487/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2008-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2008-02.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0138", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0138" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2418", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2418" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" - }, - { - "name" : "FEDORA-2008-2941", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html" - }, - { - "name" : "FEDORA-2008-3040", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html" - }, - { - "name" : "GLSA-200805-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-05.xml" - }, - { - "name" : "MDVSA-2008:091", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:091" - }, - { - "name" : "RHSA-2008:0890", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0890.html" - }, - { - "name" : "SUSE-SR:2008:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" - }, - { - "name" : "28485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28485" - }, - { - "name" : "oval:org.mitre.oval:def:9318", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9318" - }, - { - "name" : "oval:org.mitre.oval:def:14549", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14549" - }, - { - "name" : "ADV-2008-1007", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1007/references" - }, - { - "name" : "ADV-2008-2773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2773" - }, - { - "name" : "1019728", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019728" - }, - { - "name" : "29569", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29569" - }, - { - "name" : "29736", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29736" - }, - { - "name" : "29622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29622" - }, - { - "name" : "29695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29695" - }, - { - "name" : "29971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29971" - }, - { - "name" : "32091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32091" - }, - { - "name" : "wireshark-ldap-dissector-dos(41516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29622" + }, + { + "name": "SUSE-SR:2008:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" + }, + { + "name": "RHSA-2008:0890", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0890.html" + }, + { + "name": "20080404 rPSA-2008-0138-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490487/100/0/threaded" + }, + { + "name": "FEDORA-2008-3040", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html" + }, + { + "name": "oval:org.mitre.oval:def:14549", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14549" + }, + { + "name": "29695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29695" + }, + { + "name": "MDVSA-2008:091", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:091" + }, + { + "name": "GLSA-200805-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-05.xml" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0138", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0138" + }, + { + "name": "29971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29971" + }, + { + "name": "28485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28485" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" + }, + { + "name": "32091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32091" + }, + { + "name": "29736", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29736" + }, + { + "name": "ADV-2008-2773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2773" + }, + { + "name": "1019728", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019728" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2008-02.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2008-02.html" + }, + { + "name": "wireshark-ldap-dissector-dos(41516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41516" + }, + { + "name": "ADV-2008-1007", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1007/references" + }, + { + "name": "29569", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29569" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2418", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2418" + }, + { + "name": "oval:org.mitre.oval:def:9318", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9318" + }, + { + "name": "FEDORA-2008-2941", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1604.json b/2008/1xxx/CVE-2008-1604.json index b44b5d899a1..4230f22b870 100644 --- a/2008/1xxx/CVE-2008-1604.json +++ b/2008/1xxx/CVE-2008-1604.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cgi.din.or.jp/~hideyuki/cgi-bin/diary-s/perldiary-s.cgi", - "refsource" : "CONFIRM", - "url" : "http://cgi.din.or.jp/~hideyuki/cgi-bin/diary-s/perldiary-s.cgi" - }, - { - "name" : "JVN#76669770", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2376669770/index.html" - }, - { - "name" : "JVNDB-2008-000019", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/contents/ja/2008/JVNDB-2008-000019.html" - }, - { - "name" : "28472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28472" - }, - { - "name" : "29517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29517" - }, - { - "name" : "perlmailer-unspecified-xss(41491)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "perlmailer-unspecified-xss(41491)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41491" + }, + { + "name": "29517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29517" + }, + { + "name": "28472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28472" + }, + { + "name": "http://cgi.din.or.jp/~hideyuki/cgi-bin/diary-s/perldiary-s.cgi", + "refsource": "CONFIRM", + "url": "http://cgi.din.or.jp/~hideyuki/cgi-bin/diary-s/perldiary-s.cgi" + }, + { + "name": "JVN#76669770", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2376669770/index.html" + }, + { + "name": "JVNDB-2008-000019", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/contents/ja/2008/JVNDB-2008-000019.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1773.json b/2008/1xxx/CVE-2008-1773.json index 10d1634763e..943885ddd4e 100644 --- a/2008/1xxx/CVE-2008-1773.json +++ b/2008/1xxx/CVE-2008-1773.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5393", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5393" - }, - { - "name" : "28660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28660" - }, - { - "name" : "dragoon-headerinc-file-include(41680)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5393", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5393" + }, + { + "name": "dragoon-headerinc-file-include(41680)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41680" + }, + { + "name": "28660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28660" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1843.json b/2008/1xxx/CVE-2008-1843.json index 7d42e087389..4e5b720d4aa 100644 --- a/2008/1xxx/CVE-2008-1843.json +++ b/2008/1xxx/CVE-2008-1843.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080410 w2b.ru multiple products SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=120792465631586&w=2" - }, - { - "name" : "http://forum.aria-security.com/showthread.php?p=70", - "refsource" : "MISC", - "url" : "http://forum.aria-security.com/showthread.php?p=70" - }, - { - "name" : "28737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28737" - }, - { - "name" : "44371", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/44371" - }, - { - "name" : "29815", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29815" - }, - { - "name" : "datingclub-browse-sql-injection(41792)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44371", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/44371" + }, + { + "name": "29815", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29815" + }, + { + "name": "28737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28737" + }, + { + "name": "http://forum.aria-security.com/showthread.php?p=70", + "refsource": "MISC", + "url": "http://forum.aria-security.com/showthread.php?p=70" + }, + { + "name": "20080410 w2b.ru multiple products SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=120792465631586&w=2" + }, + { + "name": "datingclub-browse-sql-injection(41792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41792" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1874.json b/2008/1xxx/CVE-2008-1874.json index 73dd7ed23c3..50988893664 100644 --- a/2008/1xxx/CVE-2008-1874.json +++ b/2008/1xxx/CVE-2008-1874.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5358", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5358" - }, - { - "name" : "28618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28618" - }, - { - "name" : "29700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29700" - }, - { - "name" : "xpoze-mail-sql-injection(41656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29700" + }, + { + "name": "28618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28618" + }, + { + "name": "5358", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5358" + }, + { + "name": "xpoze-mail-sql-injection(41656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41656" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5085.json b/2008/5xxx/CVE-2008-5085.json index 9c4ef1d81f9..988cd99f35f 100644 --- a/2008/5xxx/CVE-2008-5085.json +++ b/2008/5xxx/CVE-2008-5085.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5085", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5085", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5166.json b/2008/5xxx/CVE-2008-5166.json index 812f8c876dc..50ad0e22ac0 100644 --- a/2008/5xxx/CVE-2008-5166.json +++ b/2008/5xxx/CVE-2008-5166.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5946", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5946" - }, - { - "name" : "29966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29966" - }, - { - "name" : "30862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30862" - }, - { - "name" : "4615", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4615" - }, - { - "name" : "riddleswebsite-riddle-sql-injection(43399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5946", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5946" + }, + { + "name": "4615", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4615" + }, + { + "name": "30862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30862" + }, + { + "name": "riddleswebsite-riddle-sql-injection(43399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43399" + }, + { + "name": "29966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29966" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5242.json b/2008/5xxx/CVE-2008-5242.json index 1924a1dc1a9..89a9e93a3d6 100644 --- a/2008/5xxx/CVE-2008-5242.json +++ b/2008/5xxx/CVE-2008-5242.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495674/100/0/threaded" - }, - { - "name" : "http://www.ocert.org/analysis/2008-008/analysis.txt", - "refsource" : "MISC", - "url" : "http://www.ocert.org/analysis/2008-008/analysis.txt" - }, - { - "name" : "FEDORA-2008-7512", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" - }, - { - "name" : "FEDORA-2008-7572", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "30797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30797" - }, - { - "name" : "31827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31827" - }, - { - "name" : "4648", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4648" - }, - { - "name" : "xinelib-demuxqtc-stsdatom-dos(44657)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30797" + }, + { + "name": "xinelib-demuxqtc-stsdatom-dos(44657)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657" + }, + { + "name": "http://www.ocert.org/analysis/2008-008/analysis.txt", + "refsource": "MISC", + "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" + }, + { + "name": "4648", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4648" + }, + { + "name": "31827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31827" + }, + { + "name": "FEDORA-2008-7572", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" + }, + { + "name": "FEDORA-2008-7512", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5851.json b/2008/5xxx/CVE-2008-5851.json index 4cec39695f0..6db4171dc3a 100644 --- a/2008/5xxx/CVE-2008-5851.json +++ b/2008/5xxx/CVE-2008-5851.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to execute arbitrary SQL commands via the seasonID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7522", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7522" - }, - { - "name" : "32930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32930" - }, - { - "name" : "4869", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4869" - }, - { - "name" : "mypbs-index-sql-injection(47498)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to execute arbitrary SQL commands via the seasonID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7522", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7522" + }, + { + "name": "32930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32930" + }, + { + "name": "mypbs-index-sql-injection(47498)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47498" + }, + { + "name": "4869", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4869" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5987.json b/2008/5xxx/CVE-2008-5987.json index 2da01e4f85d..9a96539ef36 100644 --- a/2008/5xxx/CVE-2008-5987.json +++ b/2008/5xxx/CVE-2008-5987.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/01/26/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=481553", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=481553" - }, - { - "name" : "GLSA-200904-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-06.xml" - }, - { - "name" : "33443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352" + }, + { + "name": "33443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33443" + }, + { + "name": "GLSA-200904-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-06.xml" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=481553", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481553" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2270.json b/2011/2xxx/CVE-2011-2270.json index 192ddafabe0..38aebbd93c4 100644 --- a/2011/2xxx/CVE-2011-2270.json +++ b/2011/2xxx/CVE-2011-2270.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2270", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-2270", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0042.json b/2013/0xxx/CVE-2013-0042.json index 82b47a9a635..e31c81d2d0b 100644 --- a/2013/0xxx/CVE-2013-0042.json +++ b/2013/0xxx/CVE-2013-0042.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0042", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0042", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0492.json b/2013/0xxx/CVE-2013-0492.json index 53c6468bce2..2f30419abb4 100644 --- a/2013/0xxx/CVE-2013-0492.json +++ b/2013/0xxx/CVE-2013-0492.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645601", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645601" - }, - { - "name" : "informix-oat-cve20130492-xss(82007)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21645601", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645601" + }, + { + "name": "informix-oat-cve20130492-xss(82007)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82007" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0798.json b/2013/0xxx/CVE-2013-0798.json index 10dc01ea5f7..575c72f601d 100644 --- a/2013/0xxx/CVE-2013-0798.json +++ b/2013/0xxx/CVE-2013-0798.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-33.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-33.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=844832", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=844832" - }, - { - "name" : "SUSE-SU-2013:0645", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=844832", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=844832" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-33.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-33.html" + }, + { + "name": "SUSE-SU-2013:0645", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0904.json b/2013/0xxx/CVE-2013-0904.json index aeabae7637c..4ffb447666e 100644 --- a/2013/0xxx/CVE-2013-0904.json +++ b/2013/0xxx/CVE-2013-0904.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=172331", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=172331" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=172926", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=172926" - }, - { - "name" : "oval:org.mitre.oval:def:16042", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=172331", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=172331" + }, + { + "name": "oval:org.mitre.oval:def:16042", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16042" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=172926", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=172926" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1121.json b/2013/1xxx/CVE-2013-1121.json index 72073c64d13..10db5541d8a 100644 --- a/2013/1xxx/CVE-2013-1121.json +++ b/2013/1xxx/CVE-2013-1121.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130917 Cisco NX-OS Software BGP Regex Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130917 Cisco NX-OS Software BGP Regex Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1121" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3225.json b/2013/3xxx/CVE-2013-3225.json index cc5f6bffee1..655b703fbd3 100644 --- a/2013/3xxx/CVE-2013-3225.json +++ b/2013/3xxx/CVE-2013-3225.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20130414 Linux 3.9-rc7", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2013/4/14/107" - }, - { - "name" : "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/14/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e11e0455c0d7d3d62276a0c55d9dfbc16779d691", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e11e0455c0d7d3d62276a0c55d9dfbc16779d691" - }, - { - "name" : "https://github.com/torvalds/linux/commit/e11e0455c0d7d3d62276a0c55d9dfbc16779d691", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/e11e0455c0d7d3d62276a0c55d9dfbc16779d691" - }, - { - "name" : "FEDORA-2013-6537", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html" - }, - { - "name" : "FEDORA-2013-6999", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html" - }, - { - "name" : "MDVSA-2013:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" - }, - { - "name" : "RHSA-2013:1051", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1051.html" - }, - { - "name" : "openSUSE-SU-2013:1187", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" - }, - { - "name" : "SUSE-SU-2013:1182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html" - }, - { - "name" : "USN-1837-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1837-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1187", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" + }, + { + "name": "FEDORA-2013-6537", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/e11e0455c0d7d3d62276a0c55d9dfbc16779d691", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/e11e0455c0d7d3d62276a0c55d9dfbc16779d691" + }, + { + "name": "MDVSA-2013:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + }, + { + "name": "RHSA-2013:1051", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html" + }, + { + "name": "FEDORA-2013-6999", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html" + }, + { + "name": "USN-1837-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1837-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e11e0455c0d7d3d62276a0c55d9dfbc16779d691", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e11e0455c0d7d3d62276a0c55d9dfbc16779d691" + }, + { + "name": "[linux-kernel] 20130414 Linux 3.9-rc7", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2013/4/14/107" + }, + { + "name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/14/3" + }, + { + "name": "SUSE-SU-2013:1182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3479.json b/2013/3xxx/CVE-2013-3479.json index 5d58e2a098a..98e77589545 100644 --- a/2013/3xxx/CVE-2013-3479.json +++ b/2013/3xxx/CVE-2013-3479.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-3479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/plugins/share-this/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/share-this/changelog/" - }, - { - "name" : "53135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53135" + }, + { + "name": "http://wordpress.org/plugins/share-this/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/share-this/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3833.json b/2013/3xxx/CVE-2013-3833.json index 7798e8e5773..dc0f1b3db34 100644 --- a/2013/3xxx/CVE-2013-3833.json +++ b/2013/3xxx/CVE-2013-3833.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authentication Engine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "1029190", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authentication Engine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "1029190", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029190" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4416.json b/2013/4xxx/CVE-2013-4416.json index 8b55972b870..d528866d6b5 100644 --- a/2013/4xxx/CVE-2013-4416.json +++ b/2013/4xxx/CVE-2013-4416.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131029 Xen Security Advisory 72 (CVE-2013-4416) - ocaml xenstored mishandles oversized message replies", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/29/5" - }, - { - "name" : "GLSA-201407-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml" - }, - { - "name" : "openSUSE-SU-2013:1876", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html" - }, - { - "name" : "openSUSE-SU-2013:1636", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html" - }, - { - "name" : "63404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63404" - }, - { - "name" : "99072", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99072" - }, - { - "name" : "1029264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201407-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml" + }, + { + "name": "1029264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029264" + }, + { + "name": "99072", + "refsource": "OSVDB", + "url": "http://osvdb.org/99072" + }, + { + "name": "[oss-security] 20131029 Xen Security Advisory 72 (CVE-2013-4416) - ocaml xenstored mishandles oversized message replies", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/29/5" + }, + { + "name": "63404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63404" + }, + { + "name": "openSUSE-SU-2013:1636", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html" + }, + { + "name": "openSUSE-SU-2013:1876", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4499.json b/2013/4xxx/CVE-2013-4499.json index 39c8ca53037..e2aa8132bb8 100644 --- a/2013/4xxx/CVE-2013-4499.json +++ b/2013/4xxx/CVE-2013-4499.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the bean title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/node/2118873", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2118873" - }, - { - "name" : "https://drupal.org/node/2118867", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2118867" - }, - { - "name" : "drupal-bean-unspecified-xss(88278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the bean title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "drupal-bean-unspecified-xss(88278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88278" + }, + { + "name": "https://drupal.org/node/2118873", + "refsource": "MISC", + "url": "https://drupal.org/node/2118873" + }, + { + "name": "https://drupal.org/node/2118867", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2118867" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4514.json b/2013/4xxx/CVE-2013-4514.json index b7aa35725d4..200ffc7ffbf 100644 --- a/2013/4xxx/CVE-2013-4514.json +++ b/2013/4xxx/CVE-2013-4514.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131104 Re: some unstracked linux kernel security fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/04/22" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5e2f339865fb443107e5b10603e53bbc92dc054", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5e2f339865fb443107e5b10603e53bbc92dc054" - }, - { - "name" : "https://github.com/torvalds/linux/commit/b5e2f339865fb443107e5b10603e53bbc92dc054", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/b5e2f339865fb443107e5b10603e53bbc92dc054" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2" - }, - { - "name" : "openSUSE-SU-2014:0247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html" - }, - { - "name" : "openSUSE-SU-2014:0204", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" - }, - { - "name" : "USN-2066-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2066-1" - }, - { - "name" : "USN-2067-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2067-1" - }, - { - "name" : "USN-2068-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2068-1" - }, - { - "name" : "USN-2069-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2069-1" - }, - { - "name" : "USN-2070-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2070-1" - }, - { - "name" : "USN-2071-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2071-1" - }, - { - "name" : "USN-2072-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2072-1" - }, - { - "name" : "USN-2073-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2073-1" - }, - { - "name" : "USN-2074-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2074-1" - }, - { - "name" : "USN-2075-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2075-1" - }, - { - "name" : "USN-2076-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2076-1" - }, - { - "name" : "63509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html" + }, + { + "name": "USN-2073-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2073-1" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2" + }, + { + "name": "USN-2076-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2076-1" + }, + { + "name": "USN-2069-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2069-1" + }, + { + "name": "USN-2070-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2070-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/b5e2f339865fb443107e5b10603e53bbc92dc054", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/b5e2f339865fb443107e5b10603e53bbc92dc054" + }, + { + "name": "USN-2066-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2066-1" + }, + { + "name": "USN-2071-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2071-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5e2f339865fb443107e5b10603e53bbc92dc054", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5e2f339865fb443107e5b10603e53bbc92dc054" + }, + { + "name": "[oss-security] 20131104 Re: some unstracked linux kernel security fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/04/22" + }, + { + "name": "USN-2074-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2074-1" + }, + { + "name": "USN-2068-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2068-1" + }, + { + "name": "openSUSE-SU-2014:0204", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" + }, + { + "name": "USN-2072-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2072-1" + }, + { + "name": "USN-2075-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2075-1" + }, + { + "name": "63509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63509" + }, + { + "name": "USN-2067-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2067-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4793.json b/2013/4xxx/CVE-2013-4793.json index 6ee8a05534c..333530269bb 100644 --- a/2013/4xxx/CVE-2013-4793.json +++ b/2013/4xxx/CVE-2013-4793.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://labs.mwrinfosecurity.com/advisories/2013/11/29/umbraco-cms-templateservice-remote-code-execution/", - "refsource" : "MISC", - "url" : "https://labs.mwrinfosecurity.com/advisories/2013/11/29/umbraco-cms-templateservice-remote-code-execution/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://labs.mwrinfosecurity.com/advisories/2013/11/29/umbraco-cms-templateservice-remote-code-execution/", + "refsource": "MISC", + "url": "https://labs.mwrinfosecurity.com/advisories/2013/11/29/umbraco-cms-templateservice-remote-code-execution/" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4848.json b/2013/4xxx/CVE-2013-4848.json index 20b52c29e3f..e2a76e3f7a1 100644 --- a/2013/4xxx/CVE-2013-4848.json +++ b/2013/4xxx/CVE-2013-4848.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4848", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4848", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7331.json b/2013/7xxx/CVE-2013-7331.json index c69eac2c0f5..27c10427e20 100644 --- a/2013/7xxx/CVE-2013-7331.json +++ b/2013/7xxx/CVE-2013-7331.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html", - "refsource" : "MISC", - "url" : "http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html" - }, - { - "name" : "https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/", - "refsource" : "MISC", - "url" : "https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/" - }, - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "VU#539289", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/539289" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/", + "refsource": "MISC", + "url": "https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/" + }, + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + }, + { + "name": "VU#539289", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/539289" + }, + { + "name": "http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html", + "refsource": "MISC", + "url": "http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12284.json b/2017/12xxx/CVE-2017-12284.json index e85bb57ac2f..c856519cfaa 100644 --- a/2017/12xxx/CVE-2017-12284.json +++ b/2017/12xxx/CVE-2017-12284.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Jabber for Windows Client", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Jabber for Windows Client" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanisms in the system. An attacker could exploit this vulnerability by issuing specific commands after authenticating to the system. A successful exploit could allow the attacker to view profile information where only certain parameters should be visible. Cisco Bug IDs: CSCve14401." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Jabber for Windows Client", + "version": { + "version_data": [ + { + "version_value": "Cisco Jabber for Windows Client" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab" - }, - { - "name" : "101501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101501" - }, - { - "name" : "1039624", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanisms in the system. An attacker could exploit this vulnerability by issuing specific commands after authenticating to the system. A successful exploit could allow the attacker to view profile information where only certain parameters should be visible. Cisco Bug IDs: CSCve14401." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab" + }, + { + "name": "1039624", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039624" + }, + { + "name": "101501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101501" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12548.json b/2017/12xxx/CVE-2017-12548.json index e8cf2b352a2..40f27d47d39 100644 --- a/2017/12xxx/CVE-2017-12548.json +++ b/2017/12xxx/CVE-2017-12548.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-09-26T00:00:00", - "ID" : "CVE-2017-12548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "System Management Homepage for Windows and Linux", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 7.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "local arbitrary command execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-09-26T00:00:00", + "ID": "CVE-2017-12548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "System Management Homepage for Windows and Linux", + "version": { + "version_data": [ + { + "version_value": "prior to 7.6.1" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "name" : "101029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101029" - }, - { - "name" : "1039437", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039437", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039437" + }, + { + "name": "101029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101029" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12655.json b/2017/12xxx/CVE-2017-12655.json index ebc676abe43..d65952ac368 100644 --- a/2017/12xxx/CVE-2017-12655.json +++ b/2017/12xxx/CVE-2017-12655.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lu4n.com/cve/1.txt", - "refsource" : "MISC", - "url" : "http://lu4n.com/cve/1.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lu4n.com/cve/1.txt", + "refsource": "MISC", + "url": "http://lu4n.com/cve/1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12982.json b/2017/12xxx/CVE-2017-12982.json index cc56c46fd66..ec38ac924a3 100644 --- a/2017/12xxx/CVE-2017-12982.json +++ b/2017/12xxx/CVE-2017-12982.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/08/14/openjpeg-memory-allocation-failure-in-opj_aligned_alloc_n-opj_malloc-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/08/14/openjpeg-memory-allocation-failure-in-opj_aligned_alloc_n-opj_malloc-c/" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/issues/983", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/issues/983" - }, - { - "name" : "GLSA-201710-26", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7" + }, + { + "name": "GLSA-201710-26", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-26" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/08/14/openjpeg-memory-allocation-failure-in-opj_aligned_alloc_n-opj_malloc-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/08/14/openjpeg-memory-allocation-failure-in-opj_aligned_alloc_n-opj_malloc-c/" + }, + { + "name": "https://github.com/uclouvain/openjpeg/issues/983", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/issues/983" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13221.json b/2017/13xxx/CVE-2017-13221.json index 4960132dda3..8516eca2302 100644 --- a/2017/13xxx/CVE-2017-13221.json +++ b/2017/13xxx/CVE-2017-13221.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-13221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-13221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13486.json b/2017/13xxx/CVE-2017-13486.json index ced170706f8..0dd598cb998 100644 --- a/2017/13xxx/CVE-2017-13486.json +++ b/2017/13xxx/CVE-2017-13486.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13486", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13486", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13643.json b/2017/13xxx/CVE-2017-13643.json index 76406cbad55..063061580fb 100644 --- a/2017/13xxx/CVE-2017-13643.json +++ b/2017/13xxx/CVE-2017-13643.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13643", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13643", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13676.json b/2017/13xxx/CVE-2017-13676.json index 523ef92cec9..8749357304d 100644 --- a/2017/13xxx/CVE-2017-13676.json +++ b/2017/13xxx/CVE-2017-13676.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2017-09-26T00:00:00", - "ID" : "CVE-2017-13676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Norton Remove & Reinstall", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 4.4.0.58" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DLL Preloading" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2017-09-26T00:00:00", + "ID": "CVE-2017-13676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Norton Remove & Reinstall", + "version": { + "version_data": [ + { + "version_value": "Prior to 4.4.0.58" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170926_00", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170926_00" - }, - { - "name" : "100939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL Preloading" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170926_00", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170926_00" + }, + { + "name": "100939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100939" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16062.json b/2017/16xxx/CVE-2017-16062.json index e49394272d4..ce371ca48eb 100644 --- a/2017/16xxx/CVE-2017-16062.json +++ b/2017/16xxx/CVE-2017-16062.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "node-tkinter node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedded Malicious Code (CWE-506)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "node-tkinter node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/501", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedded Malicious Code (CWE-506)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/501", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/501" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16249.json b/2017/16xxx/CVE-2017-16249.json index 6443c84032a..aa0a4c9d966 100644 --- a/2017/16xxx/CVE-2017-16249.json +++ b/2017/16xxx/CVE-2017-16249.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43119", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43119/" - }, - { - "name" : "http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.html" - }, - { - "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211" - }, - { - "name" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211", + "refsource": "MISC", + "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211" + }, + { + "name": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033", + "refsource": "MISC", + "url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033" + }, + { + "name": "http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.html" + }, + { + "name": "43119", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43119/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16531.json b/2017/16xxx/CVE-2017-16531.json index cfe11c556dc..8cd7b0a3291 100644 --- a/2017/16xxx/CVE-2017-16531.json +++ b/2017/16xxx/CVE-2017-16531.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" - }, - { - "name" : "https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb" - }, - { - "name" : "https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ", - "refsource" : "MISC", - "url" : "https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "102025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ", + "refsource": "MISC", + "url": "https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ" + }, + { + "name": "102025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102025" + }, + { + "name": "https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16913.json b/2017/16xxx/CVE-2017-16913.json index 67b12cbdbec..fd3c58277eb 100644 --- a/2017/16xxx/CVE-2017-16913.json +++ b/2017/16xxx/CVE-2017-16913.json @@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "DATE_PUBLIC" : "2018-01-31T00:00:00", - "ID" : "CVE-2017-16913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux Kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Before version 4.14.8, 4.9.71, and 4.4.114" - } - ] - } - } - ] - }, - "vendor_name" : "Flexera Software LLC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"stub_recv_cmd_submit()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service (arbitrary memory allocation)" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "DATE_PUBLIC": "2018-01-31T00:00:00", + "ID": "CVE-2017-16913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux Kernel", + "version": { + "version_data": [ + { + "version_value": "Before version 4.14.8, 4.9.71, and 4.4.114" + } + ] + } + } + ] + }, + "vendor_name": "Flexera Software LLC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" - }, - { - "name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8", - "refsource" : "MISC", - "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" - }, - { - "name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114", - "refsource" : "MISC", - "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114" - }, - { - "name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71", - "refsource" : "MISC", - "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366", - "refsource" : "MISC", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com/advisories/80601/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/80601/" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/" - }, - { - "name" : "https://www.spinics.net/lists/linux-usb/msg163480.html", - "refsource" : "MISC", - "url" : "https://www.spinics.net/lists/linux-usb/msg163480.html" - }, - { - "name" : "DSA-4187", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4187" - }, - { - "name" : "USN-3619-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-1/" - }, - { - "name" : "USN-3619-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-2/" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "102150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"stub_recv_cmd_submit()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service (arbitrary memory allocation)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/" + }, + { + "name": "DSA-4187", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4187" + }, + { + "name": "USN-3619-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-2/" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/advisories/80601/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/80601/" + }, + { + "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114", + "refsource": "MISC", + "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366", + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366" + }, + { + "name": "https://www.spinics.net/lists/linux-usb/msg163480.html", + "refsource": "MISC", + "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8", + "refsource": "MISC", + "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" + }, + { + "name": "102150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102150" + }, + { + "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71", + "refsource": "MISC", + "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71" + }, + { + "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" + }, + { + "name": "USN-3619-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17681.json b/2017/17xxx/CVE-2017-17681.json index a66eff8e29c..4d4fc10d61f 100644 --- a/2017/17xxx/CVE-2017-17681.json +++ b/2017/17xxx/CVE-2017-17681.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/869", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/869" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - }, - { - "name" : "102206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/869", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/869" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "102206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102206" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17852.json b/2017/17xxx/CVE-2017-17852.json index 57f820c276e..ee5c2ba23f4 100644 --- a/2017/17xxx/CVE-2017-17852.json +++ b/2017/17xxx/CVE-2017-17852.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=468f6eafa6c44cb2c5d8aad35e12f06c240a812a", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=468f6eafa6c44cb2c5d8aad35e12f06c240a812a" - }, - { - "name" : "http://www.openwall.com/lists/oss-security/2017/12/21/2", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2017/12/21/2" - }, - { - "name" : "https://github.com/torvalds/linux/commit/468f6eafa6c44cb2c5d8aad35e12f06c240a812a", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/468f6eafa6c44cb2c5d8aad35e12f06c240a812a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openwall.com/lists/oss-security/2017/12/21/2", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2017/12/21/2" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=468f6eafa6c44cb2c5d8aad35e12f06c240a812a", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=468f6eafa6c44cb2c5d8aad35e12f06c240a812a" + }, + { + "name": "https://github.com/torvalds/linux/commit/468f6eafa6c44cb2c5d8aad35e12f06c240a812a", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/468f6eafa6c44cb2c5d8aad35e12f06c240a812a" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17913.json b/2017/17xxx/CVE-2017-17913.json index 8bf4be0b5e3..2aecbfbad3e 100644 --- a/2017/17xxx/CVE-2017-17913.json +++ b/2017/17xxx/CVE-2017-17913.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f", - "refsource" : "CONFIRM", - "url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/536/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/536/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/536/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/536/" + }, + { + "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f", + "refsource": "CONFIRM", + "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17996.json b/2017/17xxx/CVE-2017-17996.json index aae9a56fa84..b4713e89d3e 100644 --- a/2017/17xxx/CVE-2017-17996.json +++ b/2017/17xxx/CVE-2017-17996.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow vulnerability in \"Add command\" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause termination of the SyncBreeze Enterprise server and possibly remote command execution with SYSTEM privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180202 Flexense SyncBreeze Entreprise 10.3.14 Buffer Overflow (SEH-bypass)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Feb/10" - }, - { - "name" : "http://www.ryantzj.com/flexense-syncbreeze-entreprise-10314-buffer-overflow-seh-bypass.html", - "refsource" : "MISC", - "url" : "http://www.ryantzj.com/flexense-syncbreeze-entreprise-10314-buffer-overflow-seh-bypass.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability in \"Add command\" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause termination of the SyncBreeze Enterprise server and possibly remote command execution with SYSTEM privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180202 Flexense SyncBreeze Entreprise 10.3.14 Buffer Overflow (SEH-bypass)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Feb/10" + }, + { + "name": "http://www.ryantzj.com/flexense-syncbreeze-entreprise-10314-buffer-overflow-seh-bypass.html", + "refsource": "MISC", + "url": "http://www.ryantzj.com/flexense-syncbreeze-entreprise-10314-buffer-overflow-seh-bypass.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18002.json b/2018/18xxx/CVE-2018-18002.json index f77f2eaeb4d..90a7c943703 100644 --- a/2018/18xxx/CVE-2018-18002.json +++ b/2018/18xxx/CVE-2018-18002.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18002", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18002", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18241.json b/2018/18xxx/CVE-2018-18241.json index 8ed796d9cc4..d77596b3a72 100644 --- a/2018/18xxx/CVE-2018-18241.json +++ b/2018/18xxx/CVE-2018-18241.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18241", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18241", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18330.json b/2018/18xxx/CVE-2018-18330.json index 4f2acbe0694..83f9c1b737b 100644 --- a/2018/18xxx/CVE-2018-18330.json +++ b/2018/18xxx/CVE-2018-18330.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-18330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Dr. Safety for Android (Consumer)", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.1324 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.1324 and below could allow an attacker to potentially trick a victim into visiting a malicious URL using address bar spoofing on the Private Browser of the app on vulnerable installations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Address Bar Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-18330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Dr. Safety for Android (Consumer)", + "version": { + "version_data": [ + { + "version_value": "3.0.1324 and below" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121673.aspx", - "refsource" : "MISC", - "url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121673.aspx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.1324 and below could allow an attacker to potentially trick a victim into visiting a malicious URL using address bar spoofing on the Private Browser of the app on vulnerable installations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Address Bar Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121673.aspx", + "refsource": "MISC", + "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121673.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18964.json b/2018/18xxx/CVE-2018-18964.json index 377b9f57671..d31352cbe10 100644 --- a/2018/18xxx/CVE-2018-18964.json +++ b/2018/18xxx/CVE-2018-18964.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the \"product\" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/osCommerce/oscommerce2/issues/631", - "refsource" : "MISC", - "url" : "https://github.com/osCommerce/oscommerce2/issues/631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the \"product\" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/osCommerce/oscommerce2/issues/631", + "refsource": "MISC", + "url": "https://github.com/osCommerce/oscommerce2/issues/631" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19225.json b/2018/19xxx/CVE-2018-19225.json index 0c5b8bb1e00..c246eb704bb 100644 --- a/2018/19xxx/CVE-2018-19225.json +++ b/2018/19xxx/CVE-2018-19225.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#csrf", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#csrf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#csrf", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#csrf" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19809.json b/2018/19xxx/CVE-2018-19809.json index 870041a6813..558a63ee7a8 100644 --- a/2018/19xxx/CVE-2018-19809.json +++ b/2018/19xxx/CVE-2018-19809.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/GroupCopy.jsp\" has reflected XSS via the ConnPoolName, GroupId, or type parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/20" - }, - { - "name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/GroupCopy.jsp\" has reflected XSS via the ConnPoolName, GroupId, or type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" + }, + { + "name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/20" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1166.json b/2018/1xxx/CVE-2018-1166.json index e3a257f3cd6..4482773ca57 100644 --- a/2018/1xxx/CVE-2018-1166.json +++ b/2018/1xxx/CVE-2018-1166.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-1166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Joyent SmartOS", - "version" : { - "version_data" : [ - { - "version_value" : "release-20170803-20170803T064301Z" - } - ] - } - } - ] - }, - "vendor_name" : "Joyent" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-1166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Joyent SmartOS", + "version": { + "version_data": [ + { + "version_value": "release-20170803-20170803T064301Z" + } + ] + } + } + ] + }, + "vendor_name": "Joyent" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-159", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-159" - }, - { - "name" : "https://help.joyent.com/hc/en-us/articles/360000124928", - "refsource" : "CONFIRM", - "url" : "https://help.joyent.com/hc/en-us/articles/360000124928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://help.joyent.com/hc/en-us/articles/360000124928", + "refsource": "CONFIRM", + "url": "https://help.joyent.com/hc/en-us/articles/360000124928" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-159", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-159" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1345.json b/2018/1xxx/CVE-2018-1345.json index 5616bb30490..8c8e98d8eda 100644 --- a/2018/1xxx/CVE-2018-1345.json +++ b/2018/1xxx/CVE-2018-1345.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2018-1345", - "STATE" : "PUBLIC", - "TITLE" : "iManager elevation of privilege" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iManager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "prior to version 3.1", - "version_value" : "3.1" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 5.9, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2018-1345", + "STATE": "PUBLIC", + "TITLE": "iManager elevation of privilege" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iManager", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "prior to version 3.1", + "version_value": "3.1" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html", - "refsource" : "CONFIRM", - "url" : "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Upgrade to NetIQ iManager 3.1" - } - ], - "source" : { - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to NetIQ iManager 3.1" + } + ], + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1352.json b/2018/1xxx/CVE-2018-1352.json index c8748a1df54..f035c355204 100644 --- a/2018/1xxx/CVE-2018-1352.json +++ b/2018/1xxx/CVE-2018-1352.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "ID" : "CVE-2018-1352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "ID": "CVE-2018-1352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/advisory/FG-IR-18-018", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/advisory/FG-IR-18-018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/advisory/FG-IR-18-018", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/advisory/FG-IR-18-018" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1468.json b/2018/1xxx/CVE-2018-1468.json index ad719cb55a0..d847251d3f0 100644 --- a/2018/1xxx/CVE-2018-1468.json +++ b/2018/1xxx/CVE-2018-1468.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-04-30T00:00:00", - "ID" : "CVE-2018-1468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "API Connect", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.8.1" - }, - { - "version_value" : "5.0.8.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-04-30T00:00:00", + "ID": "CVE-2018-1468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "API Connect", + "version": { + "version_data": [ + { + "version_value": "5.0.8.1" + }, + { + "version_value": "5.0.8.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015968", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015968" - }, - { - "name" : "ibm-api-cve20181468-info-disc(140399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-api-cve20181468-info-disc(140399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140399" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22015968", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22015968" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1699.json b/2018/1xxx/CVE-2018-1699.json index c78ccc0b15e..acdc9aad848 100644 --- a/2018/1xxx/CVE-2018-1699.json +++ b/2018/1xxx/CVE-2018-1699.json @@ -1,120 +1,120 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-08-22T00:00:00", - "ID" : "CVE-2018-1699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Maximo Asset Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.0" - }, - { - "version_value" : "7.6.0.1" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.6.2" - }, - { - "version_value" : "7.6.2.1" - }, - { - "version_value" : "7.6.2.2" - }, - { - "version_value" : "7.6.2.3" - }, - { - "version_value" : "7.6.2.4" - }, - { - "version_value" : "7.6.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "L", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "U", - "SCORE" : "6.300", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-08-22T00:00:00", + "ID": "CVE-2018-1699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Maximo Asset Management", + "version": { + "version_data": [ + { + "version_value": "7.6" + }, + { + "version_value": "7.6.0" + }, + { + "version_value": "7.6.0.1" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.6.2" + }, + { + "version_value": "7.6.2.1" + }, + { + "version_value": "7.6.2.2" + }, + { + "version_value": "7.6.2.3" + }, + { + "version_value": "7.6.2.4" + }, + { + "version_value": "7.6.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10725805", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10725805" - }, - { - "name" : "105189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105189" - }, - { - "name" : "ibm-maximo-cve20181699-sql-injection(145968)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "L", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "U", + "SCORE": "6.300", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-maximo-cve20181699-sql-injection(145968)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145968" + }, + { + "name": "105189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105189" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10725805", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10725805" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5015.json b/2018/5xxx/CVE-2018-5015.json index c0785e52987..ea2d0b4e1f7 100644 --- a/2018/5xxx/CVE-2018-5015.json +++ b/2018/5xxx/CVE-2018-5015.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5426.json b/2018/5xxx/CVE-2018-5426.json index 43bd4c62a63..25a71299eab 100644 --- a/2018/5xxx/CVE-2018-5426.json +++ b/2018/5xxx/CVE-2018-5426.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5426", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-5426", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5446.json b/2018/5xxx/CVE-2018-5446.json index a8d4721939c..cbf043a3b04 100644 --- a/2018/5xxx/CVE-2018-5446.json +++ b/2018/5xxx/CVE-2018-5446.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-02-27T00:00:00", - "ID" : "CVE-2018-5446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Medtronic 2090 CareLink Programmer", - "version" : { - "version_data" : [ - { - "version_value" : "All versions are affected" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-02-27T00:00:00", + "ID": "CVE-2018-5446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Medtronic 2090 CareLink Programmer", + "version": { + "version_data": [ + { + "version_value": "All versions are affected" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01" + } + ] + } +} \ No newline at end of file