diff --git a/2008/0xxx/CVE-2008-0194.json b/2008/0xxx/CVE-2008-0194.json
index 01978c50117..a9fbad3f33d 100644
--- a/2008/0xxx/CVE-2008-0194.json
+++ b/2008/0xxx/CVE-2008-0194.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485786/100/0/threaded" - }, - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" - }, - { - "name" : "http://securityvulns.ru/Sdocument755.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/Sdocument755.html" - }, - { - "name" : "http://websecurity.com.ua/1676/", - "refsource" : "MISC", - "url" : 
"http://websecurity.com.ua/1676/" - }, - { - "name" : "DSA-1502", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1502" - }, - { - "name" : "27123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27123" - }, - { - "name" : "29014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29014" - }, - { - "name" : "3539", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1502", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1502" + }, + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" + }, + { + "name": "http://websecurity.com.ua/1676/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/1676/" + }, + { + "name": "27123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27123" + }, + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" + }, + { + "name": "http://securityvulns.ru/Sdocument755.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/Sdocument755.html" + }, + { 
+ "name": "3539", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3539" + }, + { + "name": "29014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29014" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0241.json b/2008/0xxx/CVE-2008-0241.json index 370c1aed46b..6571204176d 100644 --- a/2008/0xxx/CVE-2008-0241.json +++ b/2008/0xxx/CVE-2008-0241.json 
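Review bot: The `reference_data` array in CVE-2008-0194.json is reordered in the same hunk that normalizes `"key" : value` to `"key": value`, so the change cannot be read as formatting-only from the text diff. The eight entries look identical on both sides, but confirming that no reference was dropped or altered needs a comparison of the parsed JSON, not the diff. The generator should either keep the existing array order or sort on a stable key such as (`refsource`, `name`), so that later regenerations do not churn these records. The new side also ends with `\ No newline at end of file`, and a final newline should be emitted. The same two points apply to the later file hunks in this diff that carry a `reference_data` array.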
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486076/100/0/threaded" - }, - { - "name" : "http://www.procheckup.com/Vulnerability_PR07-12.php", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/Vulnerability_PR07-12.php" - }, - { - "name" : "103180", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1" - }, - { - "name" : "200558", - "refsource" : "SUNALERT", - "url" : 
"http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1" - }, - { - "name" : "27214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27214" - }, - { - "name" : "ADV-2008-0089", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0089" - }, - { - "name" : "28356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28356" - }, - { - "name" : "3535", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3535" - }, - { - "name" : "sun-identity-login-security-bypass(39590)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486076/100/0/threaded" + }, + { + "name": "103180", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1" + }, + { + "name": "ADV-2008-0089", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0089" + }, + { + "name": "28356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28356" + }, + { + "name": "3535", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3535" + }, + { + "name": "http://www.procheckup.com/Vulnerability_PR07-12.php", + "refsource": "MISC", + "url": "http://www.procheckup.com/Vulnerability_PR07-12.php" + }, + { + "name": "200558", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1" + }, + { + "name": "sun-identity-login-security-bypass(39590)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39590" + }, + { + "name": "27214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27214" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0967.json b/2008/0xxx/CVE-2008-0967.json index 24b524dcd19..30e4a34510e 100644 --- a/2008/0xxx/CVE-2008-0967.json +++ b/2008/0xxx/CVE-2008-0967.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713" - }, - { - "name" : "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493080/100/0/threaded" - }, - 
{ - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "29557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29557" - }, - { - "name" : "oval:org.mitre.oval:def:4768", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768" - }, - { - "name" : "oval:org.mitre.oval:def:5583", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583" - }, - { - "name" : "ADV-2008-1744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1744" - }, - { - "name" : "1020198", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020198" - }, - { - "name" : "30556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30556" - }, - { - "name" : "3922", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3922" - }, - { - "name" : "vmware-vmwareauthd-privilege-escalation(42878)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "ADV-2008-1744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1744" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html" + }, + { + "name": "29557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29557" + }, + { + "name": "oval:org.mitre.oval:def:4768", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768" + }, + { + "name": "30556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30556" + }, + { + "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded" + }, + { + "name": "1020198", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020198" + }, + { + "name": "vmware-vmwareauthd-privilege-escalation(42878)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878" + }, + { + "name": "oval:org.mitre.oval:def:5583", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583" + }, + { + "name": "3922", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3922" + }, + { + "name": "20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability", + "refsource": "IDEFENSE", + "url": 
"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1610.json b/2008/1xxx/CVE-2008-1610.json index 42cbefc38d5..b3e5ee1fd75 100644 --- a/2008/1xxx/CVE-2008-1610.json +++ b/2008/1xxx/CVE-2008-1610.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5315", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5315" - }, - { - "name" : "http://www.offensive-security.com/0day/quick-tftp-poc.py.txt", - "refsource" : "MISC", - "url" : "http://www.offensive-security.com/0day/quick-tftp-poc.py.txt" - }, - { - "name" : "28459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28459" - }, - { - "name" : "29494", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29494" - }, - { - "name" : "quicktftp-modefields-bo(41499)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quicktftp-modefields-bo(41499)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41499" + }, + { + "name": "5315", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5315" + }, + { + "name": "http://www.offensive-security.com/0day/quick-tftp-poc.py.txt", + "refsource": "MISC", + "url": "http://www.offensive-security.com/0day/quick-tftp-poc.py.txt" + }, + { + "name": "28459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28459" + }, + { + "name": "29494", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29494" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3405.json b/2008/3xxx/CVE-2008-3405.json index 1591307489e..fcadcbc88fb 100644 --- a/2008/3xxx/CVE-2008-3405.json +++ b/2008/3xxx/CVE-2008-3405.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6164", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6164" - }, - { - "name" : "30439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30439" - }, - { - "name" : "31297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31297" - }, - { - "name" : "4086", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4086" - }, - { - "name" : "nzfotolog-index-file-include(44065)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4086", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4086" + }, + { + "name": "nzfotolog-index-file-include(44065)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44065" + }, + { + "name": "6164", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6164" + }, + { + "name": "30439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30439" + }, + { + "name": "31297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31297" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3609.json b/2008/3xxx/CVE-2008-3609.json index 3b82a4a31b7..41bdfc3ee31 100644 --- a/2008/3xxx/CVE-2008-3609.json +++ b/2008/3xxx/CVE-2008-3609.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "31189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31189" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "1020877", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020877" - }, - { - "name" : "31882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31882" - }, 
- { - "name" : "macos-kernel-security-bypass(45169)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31189" + }, + { + "name": "1020877", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020877" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "31882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31882" + }, + { + "name": "macos-kernel-security-bypass(45169)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45169" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3675.json b/2008/3xxx/CVE-2008-3675.json index 971cebae930..dab1af826c8 100644 --- a/2008/3xxx/CVE-2008-3675.json +++ b/2008/3xxx/CVE-2008-3675.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6235", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6235" - }, - { - "name" : "30672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30672" - }, - { - "name" : "31456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31456" - }, - { - "name" : "4154", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4154" - }, - { - "name" : "gelatocms-imgsize-directory-traversal(44416)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4154", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4154" + }, + { + "name": "31456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31456" + }, + { + "name": "6235", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6235" + }, + { + "name": "30672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30672" + }, + { + "name": "gelatocms-imgsize-directory-traversal(44416)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44416" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3689.json b/2008/3xxx/CVE-2008-3689.json index ff240a25e28..507cd94a9ef 100644 --- a/2008/3xxx/CVE-2008-3689.json +++ b/2008/3xxx/CVE-2008-3689.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3689", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3689", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4314.json b/2008/4xxx/CVE-2008-4314.json index 6be8593a182..c6bac0b15db 100644 --- a/2008/4xxx/CVE-2008-4314.json +++ b/2008/4xxx/CVE-2008-4314.json 
@@ -1,162 +1,162 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4314",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a \"cut&paste error\" that causes an improper bounds check to be performed."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2008-4314",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch",
- "refsource" : "CONFIRM",
- "url" : "http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch"
- },
- {
- "name" : "http://us1.samba.org/samba/security/CVE-2008-4314.html",
- "refsource" : "CONFIRM",
- "url" : "http://us1.samba.org/samba/security/CVE-2008-4314.html"
- },
- {
- "name" : "FEDORA-2008-10518",
- "refsource" : "FEDORA",
- "url" : "http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html"
- },
- {
- "name" : "FEDORA-2008-10638",
- "refsource" : "FEDORA",
- "url" :
"http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html" - }, - { - "name" : "HPSBTU02454", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125003356619515&w=2" - }, - { - "name" : "SSRT080172", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125003356619515&w=2" - }, - { - "name" : "SSA:2008-333-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684" - }, - { - "name" : "249087", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1" - }, - { - "name" : "SUSE-SR:2008:027", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" - }, - { - "name" : "USN-680-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-680-1" - }, - { - "name" : "32494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32494" - }, - { - "name" : "36281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36281" - }, - { - "name" : "ADV-2008-3277", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3277" - }, - { - "name" : "ADV-2009-0067", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0067" - }, - { - "name" : "50230", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50230" - }, - { - "name" : "1021287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021287" - }, - { - "name" : "32813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32813" - }, - { - "name" : "32919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32919" - }, - { - "name" : "32951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32951" - }, - { - "name" : "32968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32968" - }, - { - "name" : 
"ADV-2009-2245", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a \"cut&paste error\" that causes an improper bounds check to be performed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32494" + }, + { + "name": "32951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32951" + }, + { + "name": "32919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32919" + }, + { + "name": "36281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36281" + }, + { + "name": "50230", + "refsource": "OSVDB", + "url": "http://osvdb.org/50230" + }, + { + "name": "SSRT080172", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125003356619515&w=2" + }, + { + "name": "USN-680-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-680-1" + }, + { + "name": "249087", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1" + }, + { + "name": "SUSE-SR:2008:027", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" + }, + { + "name": "HPSBTU02454", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125003356619515&w=2" + }, + { + "name": "1021287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021287" + }, + { + "name": "FEDORA-2008-10638", + "refsource": "FEDORA", + 
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html" + }, + { + "name": "ADV-2008-3277", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3277" + }, + { + "name": "SSA:2008-333-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684" + }, + { + "name": "http://us1.samba.org/samba/security/CVE-2008-4314.html", + "refsource": "CONFIRM", + "url": "http://us1.samba.org/samba/security/CVE-2008-4314.html" + }, + { + "name": "ADV-2009-2245", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2245" + }, + { + "name": "32968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32968" + }, + { + "name": "ADV-2009-0067", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0067" + }, + { + "name": "FEDORA-2008-10518", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html" + }, + { + "name": "http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch", + "refsource": "CONFIRM", + "url": "http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch" + }, + { + "name": "32813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32813" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4503.json b/2008/4xxx/CVE-2008-4503.json index 1d485e70e76..03a24f14d14 100644 --- a/2008/4xxx/CVE-2008-4503.json +++ b/2008/4xxx/CVE-2008-4503.json 
@@ -1,162 +1,162 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4503",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to \"clickjacking.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-4503",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/",
- "refsource" : "MISC",
- "url" : "http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/"
- },
- {
- "name" : "http://ha.ckers.org/blog/20081007/clickjacking-details/",
- "refsource" : "MISC",
- "url" : "http://ha.ckers.org/blog/20081007/clickjacking-details/"
- },
- {
- "name" : "http://www.adobe.com/support/security/advisories/apsa08-08.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.adobe.com/support/security/advisories/apsa08-08.html"
- },
- {
- "name" :
"http://www.adobe.com/support/security/bulletins/apsb08-18.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-18.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" - }, - { - "name" : "GLSA-200903-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml" - }, - { - "name" : "RHSA-2008:0945", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0945.html" - }, - { - "name" : "RHSA-2008:0980", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0980.html" - }, - { - "name" : "248586", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" - }, - { - "name" : "SUSE-SR:2008:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" - }, - { - "name" : "31625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31625" - }, - { - "name" : "34226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34226" - }, - { - "name" : "ADV-2008-2764", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2764" - }, - { - "name" : "1020996", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020996" - }, - { - "name" : "32163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32163" - }, - { - "name" : "32448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32448" - }, - { - "name" : "32759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32759" - }, - { - "name" : 
"32702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32702" - }, - { - "name" : "33390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33390" - }, - { - "name" : "adobe-flash-click-hijacking(45721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to \"clickjacking.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/", + "refsource": "MISC", + "url": "http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/" + }, + { + "name": "33390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33390" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-18.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-18.html" + }, + { + "name": "adobe-flash-click-hijacking(45721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45721" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" + }, + { + "name": "32702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32702" + }, + { + "name": "34226", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/34226" + }, + { + "name": "1020996", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020996" + }, + { + "name": "GLSA-200903-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" + }, + { + "name": "http://www.adobe.com/support/security/advisories/apsa08-08.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/advisories/apsa08-08.html" + }, + { + "name": "32759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32759" + }, + { + "name": "RHSA-2008:0945", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0945.html" + }, + { + "name": "RHSA-2008:0980", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm" + }, + { + "name": "32163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32163" + }, + { + "name": "248586", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" + }, + { + "name": "32448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32448" + }, + { + "name": "ADV-2008-2764", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2764" + }, + { + "name": "SUSE-SR:2008:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" + }, + { + "name": "http://ha.ckers.org/blog/20081007/clickjacking-details/", + "refsource": "MISC", + "url": "http://ha.ckers.org/blog/20081007/clickjacking-details/" + }, + { + "name": "31625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31625" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/4xxx/CVE-2008-4598.json b/2008/4xxx/CVE-2008-4598.json
index 6d82921ee02..f9b28c96fc3 100644
--- a/2008/4xxx/CVE-2008-4598.json
+++ b/2008/4xxx/CVE-2008-4598.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4598",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to \"numerous flaws\" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-4598",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://drupal.org/node/321758",
- "refsource" : "CONFIRM",
- "url" : "http://drupal.org/node/321758"
- },
- {
- "name" : "32285",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/32285"
- },
- {
- "name" : "shindigintegrator-flaws-unspecified(46070)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46070"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors
related to \"numerous flaws\" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "shindigintegrator-flaws-unspecified(46070)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46070"
+ },
+ {
+ "name": "32285",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/32285"
+ },
+ {
+ "name": "http://drupal.org/node/321758",
+ "refsource": "CONFIRM",
+ "url": "http://drupal.org/node/321758"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/4xxx/CVE-2008-4639.json b/2008/4xxx/CVE-2008-4639.json
index 7b9ba29dd26..ef7f4260bb7 100644
--- a/2008/4xxx/CVE-2008-4639.json
+++ b/2008/4xxx/CVE-2008-4639.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4639",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-4639",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20081015 CVE request: jhead",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2008/10/15/5"
- },
- {
- "name" : "[oss-security] 20081015 Re: CVE request: jhead",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2008/10/15/6"
- },
- {
- "name" : "[oss-security] 20081016 Re: CVE request: jhead",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2008/10/16/3"
- },
- {
- "name" : "[oss-security] 20090206 Re: CVE request: jhead",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2009/02/06/5"
- },
- {
- "name" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
- "refsource" : "CONFIRM",
- "url" :
"https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020" + }, + { + "name": "[oss-security] 20081015 CVE request: jhead", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5" + }, + { + "name": "[oss-security] 20090206 Re: CVE request: jhead", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5" + }, + { + "name": "[oss-security] 20081016 Re: CVE request: jhead", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3" + }, + { + "name": "[oss-security] 20081015 Re: CVE request: jhead", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4773.json b/2008/4xxx/CVE-2008-4773.json index 6081729c84a..d1188ceef13 100644 --- a/2008/4xxx/CVE-2008-4773.json +++ b/2008/4xxx/CVE-2008-4773.json 
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4773",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-4773",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "6853",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/6853"
- },
- {
- "name" : "31945",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/31945"
- },
- {
- "name" : "4523",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/4523"
- },
- {
- "name" : "questcms-main-directory-traversal(46151)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46151"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a ..
(dot dot) in the theme parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "6853",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/6853"
+ },
+ {
+ "name": "4523",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/4523"
+ },
+ {
+ "name": "31945",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/31945"
+ },
+ {
+ "name": "questcms-main-directory-traversal(46151)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46151"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/2xxx/CVE-2013-2035.json b/2013/2xxx/CVE-2013-2035.json
index cdda770d8ba..ec2ac92438a 100644
--- a/2013/2xxx/CVE-2013-2035.json
+++ b/2013/2xxx/CVE-2013-2035.json
@@ -1,147 +1,147 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-2035",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2013-2035",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2035",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2035"
- },
- {
- "name" : "https://github.com/fusesource/hawtjni/commit/92c266170ce98edc200c656bd034a237098b8aa5",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/fusesource/hawtjni/commit/92c266170ce98edc200c656bd034a237098b8aa5"
- },
- {
- "name" : "https://github.com/jline/jline2/issues/85",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/jline/jline2/issues/85"
- },
- {
- "name" : "https://github.com/jruby/jruby/issues/732",
- "refsource" : "CONFIRM",
- "url" :
"https://github.com/jruby/jruby/issues/732" - }, - { - "name" : "RHSA-2013:1029", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1029.html" - }, - { - "name" : "RHSA-2013:1784", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1784.html" - }, - { - "name" : "RHSA-2013:1785", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1785.html" - }, - { - "name" : "RHSA-2013:1786", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1786.html" - }, - { - "name" : "RHSA-2014:0029", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0029.html" - }, - { - "name" : "RHSA-2014:0245", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0245.html" - }, - { - "name" : "RHSA-2014:0254", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0254.html" - }, - { - "name" : "RHSA-2014:0400", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0400.html" - }, - { - "name" : "RHSA-2015:0034", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0034.html" - }, - { - "name" : "93411", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/93411" - }, - { - "name" : "1029431", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029431" - }, - { - "name" : "53415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53415" - }, - { - "name" : "54108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54108" - }, - { - "name" : "57915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library 
path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2014:0029",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
+ },
+ {
+ "name": "RHSA-2013:1029",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-1029.html"
+ },
+ {
+ "name": "53415",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/53415"
+ },
+ {
+ "name": "93411",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/93411"
+ },
+ {
+ "name": "RHSA-2015:0034",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-0034.html"
+ },
+ {
+ "name": "RHSA-2014:0254",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0254.html"
+ },
+ {
+ "name": "https://github.com/jline/jline2/issues/85",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/jline/jline2/issues/85"
+ },
+ {
+ "name": "RHSA-2013:1785",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-1785.html"
+ },
+ {
+ "name": "1029431",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1029431"
+ },
+ {
+ "name": "RHSA-2013:1784",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-1784.html"
+ },
+ {
+ "name": "https://github.com/fusesource/hawtjni/commit/92c266170ce98edc200c656bd034a237098b8aa5",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/fusesource/hawtjni/commit/92c266170ce98edc200c656bd034a237098b8aa5"
+ },
+ {
+ "name": "RHSA-2014:0400",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html"
+ },
+ {
+ "name": "RHSA-2014:0245",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0245.html"
+ },
+ {
+ "name":
"RHSA-2013:1786", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1786.html" + }, + { + "name": "57915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57915" + }, + { + "name": "https://github.com/jruby/jruby/issues/732", + "refsource": "CONFIRM", + "url": "https://github.com/jruby/jruby/issues/732" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2035", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2035" + }, + { + "name": "54108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54108" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2082.json b/2013/2xxx/CVE-2013-2082.json index bf0492ce287..6f5193d5214 100644 --- a/2013/2xxx/CVE-2013-2082.json +++ b/2013/2xxx/CVE-2013-2082.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130521 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/05/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=228934", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=228934" - }, - { - "name" : "FEDORA-2013-8668", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html" - }, - { - "name" : "FEDORA-2013-8692", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html" - }, - { - "name" : "FEDORA-2013-8702", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245" + }, + { + "name": "FEDORA-2013-8702", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html" + }, + { + "name": "[oss-security] 20130521 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/05/21/1" + }, + { + "name": "FEDORA-2013-8668", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=228934", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=228934" + }, + { + "name": "FEDORA-2013-8692", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html" + } + ] + } +} 
\ No newline at end of file
diff --git a/2013/2xxx/CVE-2013-2119.json b/2013/2xxx/CVE-2013-2119.json
index 54542cd3f2c..78b8cf1bb01 100644
--- a/2013/2xxx/CVE-2013-2119.json
+++ b/2013/2xxx/CVE-2013-2119.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/" - }, - { - "name" : "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=892813", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=892813" - }, - { - "name" : "RHSA-2013:1136", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2013-1136.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=892813", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892813" + }, + { + "name": "RHSA-2013:1136", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html" + }, + { + "name": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/", + "refsource": "CONFIRM", + "url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/" + }, + { + "name": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", + "refsource": "CONFIRM", + "url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2550.json b/2013/2xxx/CVE-2013-2550.json index c09f213f5c1..d043ce8502d 100644 --- a/2013/2xxx/CVE-2013-2550.json +++ b/2013/2xxx/CVE-2013-2550.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", - "refsource" : "MISC", - "url" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" - }, - { - "name" : "http://twitter.com/thezdi/statuses/309771882612281344", - "refsource" : "MISC", - "url" : "http://twitter.com/thezdi/statuses/309771882612281344" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : 
"SUSE-SU-2013:0809", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:15992", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://twitter.com/thezdi/statuses/309771882612281344", + "refsource": "MISC", + "url": "http://twitter.com/thezdi/statuses/309771882612281344" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-15.html" + }, + { + "name": "SUSE-SU-2013:0809", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:15992", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15992" + }, + { + "name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", + "refsource": "MISC", + "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/3xxx/CVE-2013-3031.json b/2013/3xxx/CVE-2013-3031.json
index faa09acc9a6..24cda514b1b 100644
--- a/2013/3xxx/CVE-2013-3031.json
+++ b/2013/3xxx/CVE-2013-3031.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL stored procedure in the Universal Cache component in IBM solidDB 6.0.x before 6.0.1070, 6.3.x before 6.3.0.56, 6.5.x before 6.5.0.12, and 7.0.x before 7.0.0.4 allows remote authenticated users to cause a denial of service (uninitialized-memory access and daemon crash) via a call that includes named arguments and default parameter values, but does not include all of the expected arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21643599", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21643599" - }, - { - "name" : "IC88796", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC88796" - }, - { - "name" : "IC88797", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC88797" - }, - { - "name" : "IC94043", - "refsource" : "AIXAPAR", - "url" : 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IC94043" - }, - { - "name" : "IC94044", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94044" - }, - { - "name" : "soliddb-cve20133031-uninitialized-data(84593)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL stored procedure in the Universal Cache component in IBM solidDB 6.0.x before 6.0.1070, 6.3.x before 6.3.0.56, 6.5.x before 6.5.0.12, and 7.0.x before 7.0.0.4 allows remote authenticated users to cause a denial of service (uninitialized-memory access and daemon crash) via a call that includes named arguments and default parameter values, but does not include all of the expected arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IC88796", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC88796" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21643599", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643599" + }, + { + "name": "IC94043", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94043" + }, + { + "name": "soliddb-cve20133031-uninitialized-data(84593)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84593" + }, + { + "name": "IC88797", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC88797" + }, + { + "name": "IC94044", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94044" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/3xxx/CVE-2013-3208.json b/2013/3xxx/CVE-2013-3208.json
index b2ee02b6a56..8cd61b2bb18 100644
--- a/2013/3xxx/CVE-2013-3208.json
+++ b/2013/3xxx/CVE-2013-3208.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-069", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18114", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a 
denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-069", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" + }, + { + "name": "oval:org.mitre.oval:def:18114", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18114" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3215.json b/2013/3xxx/CVE-2013-3215.json index 5e6ef072d44..32160729bdf 100644 --- a/2013/3xxx/CVE-2013-3215.json +++ b/2013/3xxx/CVE-2013-3215.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3215", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3215", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3222.json b/2013/3xxx/CVE-2013-3222.json index 715974dfcbe..8d96ffe7d9a 100644 --- a/2013/3xxx/CVE-2013-3222.json +++ b/2013/3xxx/CVE-2013-3222.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20130414 Linux 3.9-rc7", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2013/4/14/107" - }, - { - "name" : "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/14/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b3e617f3df53822345a8573b6d358f6b9e5ed87", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b3e617f3df53822345a8573b6d358f6b9e5ed87" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/9b3e617f3df53822345a8573b6d358f6b9e5ed87", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/9b3e617f3df53822345a8573b6d358f6b9e5ed87" - }, - { - "name" : "FEDORA-2013-6537", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html" - }, - { - "name" : "FEDORA-2013-6999", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html" - }, - { - "name" : "MDVSA-2013:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" - }, - { - "name" : "RHSA-2013:1051", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1051.html" - }, - { - "name" : "openSUSE-SU-2013:1187", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" - }, - { - "name" : "openSUSE-SU-2013:1971", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" - }, - { - "name" : "SUSE-SU-2013:1182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html" - }, - { - "name" : "USN-1837-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1837-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1187", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" + }, + { + "name": "FEDORA-2013-6537", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/9b3e617f3df53822345a8573b6d358f6b9e5ed87", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/9b3e617f3df53822345a8573b6d358f6b9e5ed87" + }, + { + "name": "MDVSA-2013:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + }, + { + "name": "RHSA-2013:1051", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html" + }, + { + "name": "FEDORA-2013-6999", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html" + }, + { + "name": "USN-1837-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1837-1" + }, + { + "name": "[linux-kernel] 20130414 Linux 3.9-rc7", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2013/4/14/107" + }, + { + "name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/14/3" + }, + { + "name": "openSUSE-SU-2013:1971", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b3e617f3df53822345a8573b6d358f6b9e5ed87", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b3e617f3df53822345a8573b6d358f6b9e5ed87" + }, + { + "name": 
"SUSE-SU-2013:1182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3495.json b/2013/3xxx/CVE-2013-3495.json index 47abc21fa7e..d1dd8ab2ef6 100644 --- a/2013/3xxx/CVE-2013-3495.json +++ b/2013/3xxx/CVE-2013-3495.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130820 Xen Security Advisory 59 (CVE-2013-3495) - Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/08/20/8" - }, - { - "name" : "GLSA-201504-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-04" - }, - { - "name" : "openSUSE-SU-2015:0226", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html" - }, - { - "name" : "openSUSE-SU-2015:0256", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html" - }, - { - "name" : "61854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61854" - }, - { - "name" : "96438", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96438" - }, - { - "name" : "1028931", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028931" - }, - { - "name" : "54341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1028931", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028931" + }, + { + "name": "GLSA-201504-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-04" + }, + { + "name": "96438", + "refsource": "OSVDB", + "url": "http://osvdb.org/96438" + }, + { + "name": "54341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54341" + }, + { + "name": "[oss-security] 20130820 Xen Security Advisory 59 (CVE-2013-3495) - Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/08/20/8" + }, + { + "name": "openSUSE-SU-2015:0226", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html" + }, + { + "name": 
"openSUSE-SU-2015:0256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html" + }, + { + "name": "61854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61854" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6140.json b/2013/6xxx/CVE-2013-6140.json index e81645e5cab..8bf3f1b1867 100644 --- a/2013/6xxx/CVE-2013-6140.json +++ b/2013/6xxx/CVE-2013-6140.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6140", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6140", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6274.json b/2013/6xxx/CVE-2013-6274.json index 413506ce6be..f9b7a848475 100644 --- a/2013/6xxx/CVE-2013-6274.json +++ b/2013/6xxx/CVE-2013-6274.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6274", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6274", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6676.json b/2013/6xxx/CVE-2013-6676.json index bfdddb4ed04..43259e39731 100644 --- a/2013/6xxx/CVE-2013-6676.json +++ b/2013/6xxx/CVE-2013-6676.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6676",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-6676",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/7xxx/CVE-2013-7193.json b/2013/7xxx/CVE-2013-7193.json
index 0e15d57945f..012ee269b06 100644
--- a/2013/7xxx/CVE-2013-7193.json
+++ b/2013/7xxx/CVE-2013-7193.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124441/c2cfac-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124441/c2cfac-sql.txt" - }, - { - "name" : "64329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64329" - }, - { - "name" : "101075", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101075" - }, - { - "name" : "101076", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101076" - }, - { - "name" : "c2cforwardauction-admin-sql-injection(89755)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89755" - }, - { - "name" : "c2cforwardauctioncreator-list-sql-injection(89752)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101076", + "refsource": "OSVDB", + "url": "http://osvdb.org/101076" + }, + { + "name": "c2cforwardauctioncreator-list-sql-injection(89752)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89752" + }, + { + "name": "c2cforwardauction-admin-sql-injection(89755)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89755" + }, + { + "name": "64329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64329" + }, + { + "name": "101075", + "refsource": "OSVDB", + "url": "http://osvdb.org/101075" + }, + { + "name": "http://packetstormsecurity.com/files/124441/c2cfac-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124441/c2cfac-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10281.json b/2017/10xxx/CVE-2017-10281.json index faa058cc490..bacac75c72f 100644 --- a/2017/10xxx/CVE-2017-10281.json +++ b/2017/10xxx/CVE-2017-10281.json 
@@ -1,160 +1,160 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u161" - }, - { - "version_affected" : "=", - "version_value" : "7u151" - }, - { - "version_affected" : "=", - "version_value" : "8u144" - }, - { - "version_affected" : "=", - "version_value" : "9; Java SE Embedded: 8u144; JRockit: R28.3.15" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u161" + }, + { + "version_affected": "=", + "version_value": "7u151" + }, + { + "version_affected": "=", + "version_value": "8u144" + }, + { + "version_affected": "=", + "version_value": "9; Java SE Embedded: 8u144; JRockit: R28.3.15" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171019-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171019-0001/" - }, - { - "name" : "DSA-4015", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4015" - }, - { - "name" : "DSA-4048", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4048" - }, - { - "name" : "GLSA-201710-31", - 
"refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-31" - }, - { - "name" : "GLSA-201711-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-14" - }, - { - "name" : "RHSA-2017:3264", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3264" - }, - { - "name" : "RHSA-2017:3267", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3267" - }, - { - "name" : "RHSA-2017:3268", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3268" - }, - { - "name" : "RHSA-2017:2998", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2998" - }, - { - "name" : "RHSA-2017:3392", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3392" - }, - { - "name" : "RHSA-2017:3046", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3046" - }, - { - "name" : "RHSA-2017:3047", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3047" - }, - { - "name" : "RHSA-2017:2999", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2999" - }, - { - "name" : "RHSA-2017:3453", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3453" - }, - { - "name" : "101378", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101378" - }, - { - "name" : "1039596", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3047", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3047" + }, + { + "name": "GLSA-201711-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-14" + }, + { + "name": "DSA-4015", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4015" + }, + { + "name": "RHSA-2017:3267", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3267" + }, + { + "name": "RHSA-2017:2998", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2998" + }, + { + "name": "RHSA-2017:3268", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3268" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "RHSA-2017:3046", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3046" + }, + { + "name": "101378", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101378" + }, + { + "name": "1039596", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039596" + }, + { + "name": "GLSA-201710-31", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-31" + }, + { + "name": "RHSA-2017:3264", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3264" + }, + { + "name": "DSA-4048", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4048" + }, + { + "name": "RHSA-2017:3453", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3453" + }, + { + "name": "RHSA-2017:3392", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3392" + }, + { + "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security 
update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" + }, + { + "name": "RHSA-2017:2999", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2999" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10436.json b/2017/10xxx/CVE-2017-10436.json index dfaf6a8a7cd..4aa4df80b81 100644 --- a/2017/10xxx/CVE-2017-10436.json +++ b/2017/10xxx/CVE-2017-10436.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10436", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10436", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10784.json b/2017/10xxx/CVE-2017-10784.json index 5e6554d6276..759ef431d4b 100644 --- a/2017/10xxx/CVE-2017-10784.json +++ b/2017/10xxx/CVE-2017-10784.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/" - }, - { - "name" : 
"https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/" - }, - { - "name" : "DSA-4031", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4031" - }, - { - "name" : "GLSA-201710-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-18" - }, - { - "name" : "RHSA-2017:3485", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3485" - }, - { - "name" : "RHSA-2018:0378", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0378" - }, - { - "name" : "RHSA-2018:0583", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0583" - }, - { - "name" : "RHSA-2018:0585", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0585" - }, - { - "name" : "USN-3528-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3528-1/" - }, - { - "name" : "USN-3685-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3685-1/" - }, - { - "name" : "100853", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100853" - }, - { - "name" : "1039363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039363" - }, - { - "name" : "1042004", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3685-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3685-1/" + }, + { + "name": "RHSA-2018:0585", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0585" + }, + { + "name": "USN-3528-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3528-1/" + }, + { + "name": "100853", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100853" + }, + { + "name": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/" + }, + { + "name": "RHSA-2018:0378", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0378" + }, + { + "name": "1042004", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042004" + }, + { + "name": "DSA-4031", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4031" + }, + { + "name": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/" + }, + { + "name": "1039363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039363" + }, + { + "name": "RHSA-2017:3485", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3485" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" + }, + { + "name": "RHSA-2018:0583", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0583" + }, + { + "name": 
"https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/" + }, + { + "name": "GLSA-201710-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-18" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14002.json b/2017/14xxx/CVE-2017-14002.json index b8813917102..04db4a93eb8 100644 --- a/2017/14xxx/CVE-2017-14002.json +++ b/2017/14xxx/CVE-2017-14002.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-03-13T00:00:00", - "ID" : "CVE-2017-14002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GE Infinia", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "GE Healthcare" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER AUTHENTICATION CWE-287 The affected devices use default or hard-coded credentials." 
- } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-03-13T00:00:00", + "ID": "CVE-2017-14002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GE Infinia", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "GE Healthcare" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" - }, - { - "name" : "103405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER AUTHENTICATION CWE-287 The affected devices use default or hard-coded credentials." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103405" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14963.json b/2017/14xxx/CVE-2017-14963.json index f73a546c8be..18a75cc799f 100644 --- a/2017/14xxx/CVE-2017-14963.json +++ b/2017/14xxx/CVE-2017-14963.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.greyhathacker.net/?p=995", - "refsource" : "MISC", - "url" : "http://www.greyhathacker.net/?p=995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.greyhathacker.net/?p=995", + "refsource": "MISC", + "url": "http://www.greyhathacker.net/?p=995" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17478.json b/2017/17xxx/CVE-2017-17478.json index 3806fdfd572..30f60afb0b6 100644 --- a/2017/17xxx/CVE-2017-17478.json +++ b/2017/17xxx/CVE-2017-17478.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-17478/pegasystems-security-bulletin-cve-2017-17478", - "refsource" : "CONFIRM", - "url" : "https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-17478/pegasystems-security-bulletin-cve-2017-17478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in Designer Studio in Pegasystems Pega 
Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-17478/pegasystems-security-bulletin-cve-2017-17478", + "refsource": "CONFIRM", + "url": "https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-17478/pegasystems-security-bulletin-cve-2017-17478" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17504.json b/2017/17xxx/CVE-2017-17504.json index 161cfe3cb19..b2baa655d95 100644 --- a/2017/17xxx/CVE-2017-17504.json +++ b/2017/17xxx/CVE-2017-17504.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180101 [SECURITY] [DLA 1227-1] imagemagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00000.html" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/872", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/872" - }, - { - "name" : "DSA-4074", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4074" - }, - { - "name" : "DSA-4204", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4204" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "DSA-4074", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4074" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/872", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/872" + }, + { + "name": "[debian-lts-announce] 20180101 [SECURITY] [DLA 1227-1] imagemagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00000.html" + }, + { + "name": "DSA-4204", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4204" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17822.json b/2017/17xxx/CVE-2017-17822.json index 1b2fa955ab0..2add6143225 100644 --- a/2017/17xxx/CVE-2017-17822.json +++ b/2017/17xxx/CVE-2017-17822.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Piwigo/Piwigo/commit/33a03e9afb8fb00c9d8f480424d549311fe03d40", - "refsource" : "MISC", - "url" : "https://github.com/Piwigo/Piwigo/commit/33a03e9afb8fb00c9d8f480424d549311fe03d40" - }, - { - "name" : "https://github.com/Piwigo/Piwigo/issues/823", - "refsource" : "MISC", - "url" : "https://github.com/Piwigo/Piwigo/issues/823" - }, - { - "name" : "https://github.com/sahildhar/sahildhar.github.io/blob/master/research/reports/Piwigo_2.9.2/Multiple%20SQL%20Injection%20Vulnerabilities%20in%20Piwigo%202.9.2.md", - "refsource" : "MISC", - "url" : 
"https://github.com/sahildhar/sahildhar.github.io/blob/master/research/reports/Piwigo_2.9.2/Multiple%20SQL%20Injection%20Vulnerabilities%20in%20Piwigo%202.9.2.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sahildhar/sahildhar.github.io/blob/master/research/reports/Piwigo_2.9.2/Multiple%20SQL%20Injection%20Vulnerabilities%20in%20Piwigo%202.9.2.md", + "refsource": "MISC", + "url": "https://github.com/sahildhar/sahildhar.github.io/blob/master/research/reports/Piwigo_2.9.2/Multiple%20SQL%20Injection%20Vulnerabilities%20in%20Piwigo%202.9.2.md" + }, + { + "name": "https://github.com/Piwigo/Piwigo/commit/33a03e9afb8fb00c9d8f480424d549311fe03d40", + "refsource": "MISC", + "url": "https://github.com/Piwigo/Piwigo/commit/33a03e9afb8fb00c9d8f480424d549311fe03d40" + }, + { + "name": "https://github.com/Piwigo/Piwigo/issues/823", + "refsource": "MISC", + "url": "https://github.com/Piwigo/Piwigo/issues/823" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17948.json b/2017/17xxx/CVE-2017-17948.json index 42714213da1..892fc3c533f 100644 --- a/2017/17xxx/CVE-2017-17948.json +++ b/2017/17xxx/CVE-2017-17948.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/cell.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/cell.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/cell.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/cell.md" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/9xxx/CVE-2017-9041.json b/2017/9xxx/CVE-2017-9041.json
index fa8f95f9b79..92bb7576580 100644
--- a/2017/9xxx/CVE-2017-9041.json
+++ b/2017/9xxx/CVE-2017-9041.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3" - }, - 
{ - "name" : "GLSA-201709-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-02" - }, - { - "name" : "98598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-02" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19", + "refsource": "MISC", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/" + }, + { + "name": "98598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98598" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3", + "refsource": "MISC", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9301.json b/2017/9xxx/CVE-2017-9301.json index de3759bd0d3..085b7c51323 100644 --- a/2017/9xxx/CVE-2017-9301.json +++ b/2017/9xxx/CVE-2017-9301.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "plugins\\audio_filter\\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html", - "refsource" : "MISC", - "url" : "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" - }, - { - "name" : "98746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plugins\\audio_filter\\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98746" + }, + { + "name": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html", + "refsource": "MISC", + "url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9783.json b/2017/9xxx/CVE-2017-9783.json index 6364bbf9bdd..a7369f7b01b 100644 --- a/2017/9xxx/CVE-2017-9783.json +++ b/2017/9xxx/CVE-2017-9783.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ignacionelson/ProjectSend/compare/448/commits", - "refsource" : "CONFIRM", - "url" : "https://github.com/ignacionelson/ProjectSend/compare/448/commits" - }, - { - "name" : "https://github.com/ignacionelson/ProjectSend/pull/448/commits/6c3710430be26feb5371cb0377e5355d6f9a27ca", - "refsource" : "CONFIRM", - "url" : "https://github.com/ignacionelson/ProjectSend/pull/448/commits/6c3710430be26feb5371cb0377e5355d6f9a27ca" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) 
before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ignacionelson/ProjectSend/pull/448/commits/6c3710430be26feb5371cb0377e5355d6f9a27ca", + "refsource": "CONFIRM", + "url": "https://github.com/ignacionelson/ProjectSend/pull/448/commits/6c3710430be26feb5371cb0377e5355d6f9a27ca" + }, + { + "name": "https://github.com/ignacionelson/ProjectSend/compare/448/commits", + "refsource": "CONFIRM", + "url": "https://github.com/ignacionelson/ProjectSend/compare/448/commits" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9852.json b/2017/9xxx/CVE-2017-9852.json index 4bcb78de0e8..99da87d2b7f 100644 --- a/2017/9xxx/CVE-2017-9852.json +++ b/2017/9xxx/CVE-2017-9852.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://horusscenario.com/CVE-information/", - "refsource" : "MISC", - "url" : "https://horusscenario.com/CVE-information/" - }, - { - "name" : "http://www.sma.de/en/statement-on-cyber-security.html", - "refsource" : "MISC", - "url" : "http://www.sma.de/en/statement-on-cyber-security.html" - }, - { - "name" : "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", - "refsource" : "MISC", - "url" : "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. 
NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sma.de/en/statement-on-cyber-security.html", + "refsource": "MISC", + "url": "http://www.sma.de/en/statement-on-cyber-security.html" + }, + { + "name": "https://horusscenario.com/CVE-information/", + "refsource": "MISC", + "url": "https://horusscenario.com/CVE-information/" + }, + { + "name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", + "refsource": "MISC", + "url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9863.json b/2017/9xxx/CVE-2017-9863.json index 0dc057e0e91..bc7c06e4a79 100644 --- a/2017/9xxx/CVE-2017-9863.json +++ b/2017/9xxx/CVE-2017-9863.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://horusscenario.com/CVE-information/", - "refsource" : "MISC", - "url" : "https://horusscenario.com/CVE-information/" - }, - { - "name" : "http://www.sma.de/en/statement-on-cyber-security.html", - "refsource" : "MISC", - "url" : "http://www.sma.de/en/statement-on-cyber-security.html" - }, - { - "name" : "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", - "refsource" : "MISC", - "url" : "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. 
Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sma.de/en/statement-on-cyber-security.html", + "refsource": "MISC", + "url": "http://www.sma.de/en/statement-on-cyber-security.html" + }, + { + "name": "https://horusscenario.com/CVE-information/", + "refsource": "MISC", + "url": "https://horusscenario.com/CVE-information/" + }, + { + "name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", + "refsource": "MISC", + "url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0135.json b/2018/0xxx/CVE-2018-0135.json index cdf29d6dbe3..b12d144519c 100644 --- a/2018/0xxx/CVE-2018-0135.json +++ b/2018/0xxx/CVE-2018-0135.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Communications Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Communications Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm" - }, - { - "name" : "102964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102964" - }, - { - "name" : "1040343", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102964" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm" + }, + { + "name": "1040343", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040343" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0143.json b/2018/0xxx/CVE-2018-0143.json index d8b103ca8f7..0ad748ff321 100644 --- a/2018/0xxx/CVE-2018-0143.json +++ b/2018/0xxx/CVE-2018-0143.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0143", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0143", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/0xxx/CVE-2018-0316.json b/2018/0xxx/CVE-2018-0316.json
index 7edbe8c84a6..0fbb51a8b1f 100644
--- a/2018/0xxx/CVE-2018-0316.json
+++ b/2018/0xxx/CVE-2018-0316.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IP Phone 6800, 7800, and 8800 Series unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IP Phone 6800, 7800, and 8800 Series unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IP Phone 6800, 7800, and 8800 Series unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco IP Phone 6800, 7800, and 8800 Series unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip" - }, - { - "name" : "1041073", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. 
This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041073", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041073" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0372.json b/2018/0xxx/CVE-2018-0372.json index 47a097786d9..17b29cf681a 100644 --- a/2018/0xxx/CVE-2018-0372.json +++ b/2018/0xxx/CVE-2018-0372.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Nexus 9000 Series unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Nexus 9000 Series unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system. The vulnerability is due to improper memory management when DHCPv6 packets are received on an interface of the targeted device. An attacker could exploit this vulnerability by sending a high number of malicious DHCPv6 packets to be processed by an affected device. A successful exploit could allow the attacker to cause the system to run low on memory, which could cause an eventual reboot of an affected device. The vulnerability only applies to IPv6 protocol packets and not for IPv4 protocol packets. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI Mode running software version 13.0(1k). The vulnerability can only be exploited when unicast routing is enabled on the Bridge Domain (BD). DHCP and DHCP relay do not have to be configured for the vulnerability to be exploited. Cisco Bug IDs: CSCvg38918." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Nexus 9000 Series unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Nexus 9000 Series unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-20180718-nexus-9000-dos", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-20180718-nexus-9000-dos" - }, - { - "name" : "1041348", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system. The vulnerability is due to improper memory management when DHCPv6 packets are received on an interface of the targeted device. An attacker could exploit this vulnerability by sending a high number of malicious DHCPv6 packets to be processed by an affected device. A successful exploit could allow the attacker to cause the system to run low on memory, which could cause an eventual reboot of an affected device. The vulnerability only applies to IPv6 protocol packets and not for IPv4 protocol packets. 
This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI Mode running software version 13.0(1k). The vulnerability can only be exploited when unicast routing is enabled on the Bridge Domain (BD). DHCP and DHCP relay do not have to be configured for the vulnerability to be exploited. Cisco Bug IDs: CSCvg38918." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-20180718-nexus-9000-dos", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-20180718-nexus-9000-dos" + }, + { + "name": "1041348", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041348" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000071.json b/2018/1000xxx/CVE-2018-1000071.json index 63fd991c695..6f28f1fca91 100644 --- a/2018/1000xxx/CVE-2018-1000071.json +++ b/2018/1000xxx/CVE-2018-1000071.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/12/2018 5:20:44", - "ID" : "CVE-2018-1000071", - "REQUESTER" : "contact@legacysecuritygroup.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "roundcube", - "version" : { - "version_data" : [ - { - "version_value" : "1.3.4 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "roundcube" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Permissions" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/12/2018 5:20:44", + "ID": "CVE-2018-1000071", + "REQUESTER": "contact@legacysecuritygroup.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/roundcube/roundcubemail/issues/6173", - "refsource" : "MISC", - "url" : "https://github.com/roundcube/roundcubemail/issues/6173" - }, - { - "name" : "https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt", - "refsource" : "MISC", - "url" : "https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt", + "refsource": "MISC", + "url": "https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt" + }, + { + "name": "https://github.com/roundcube/roundcubemail/issues/6173", + "refsource": "MISC", + "url": "https://github.com/roundcube/roundcubemail/issues/6173" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000149.json b/2018/1000xxx/CVE-2018-1000149.json index d59b20acd10..d6130e93101 100644 --- a/2018/1000xxx/CVE-2018-1000149.json +++ b/2018/1000xxx/CVE-2018-1000149.json 
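Review bot: Structured product and weakness data is lost on the new side of the CVE-2018-1000071 hunk: `product_name`, `vendor_name` and `version_value` go from `roundcube` / `1.3.4 and earlier` to `n/a`, the `problemtype` value goes from `Insecure Permissions` to `n/a`, and `ASSIGNER` is rewritten to `cve@mitre.org`. The CVE-2018-1000149 and CVE-2018-1000185 hunks have the same problem and drop `CWE-300` and `CWE-441, CWE-918`. Consumers that match affected products or weakness classes from these fields, rather than from the free-text description, will stop associating the records with Roundcube and the two Jenkins plugins. If the reset is not intended, keep the earlier values in the new formatting, e.g. `"product_name": "roundcube"`, `"vendor_name": "roundcube"` and `"value": "Insecure Permissions"`. If it is intended, it would be easier to audit as a separate commit from the whitespace normalisation.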
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-04-05", - "ID" : "CVE-2018-1000149", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Ansible Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "0.8 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-300" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-04-05", + "ID": "CVE-2018-1000149", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A man in the middle vulnerability exists in Jenkins Ansible 
Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000185.json b/2018/1000xxx/CVE-2018-1000185.json index 395d6292e87..c30b661e915 100644 --- a/2018/1000xxx/CVE-2018-1000185.json +++ b/2018/1000xxx/CVE-2018-1000185.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-05T12:46:01.941970", - "DATE_REQUESTED" : "2018-06-05T00:00:00", - "ID" : "CVE-2018-1000185", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins GitHub Branch Source Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.3.4 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-441, CWE-918" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-05T12:46:01.941970", + "DATE_REQUESTED": "2018-06-05T00:00:00", + "ID": "CVE-2018-1000185", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A server-side request forgery 
vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19117.json b/2018/19xxx/CVE-2018-19117.json index 9389250e053..c595ab1cd71 100644 --- a/2018/19xxx/CVE-2018-19117.json +++ b/2018/19xxx/CVE-2018-19117.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19117", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19117", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19430.json b/2018/19xxx/CVE-2018-19430.json index 344f9478ac0..f49b98331c7 100644 --- a/2018/19xxx/CVE-2018-19430.json 
+++ b/2018/19xxx/CVE-2018-19430.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19430", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19430", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19525.json b/2018/19xxx/CVE-2018-19525.json index 92dded2fd9f..d9ddd12dd22 100644 --- a/2018/19xxx/CVE-2018-19525.json +++ b/2018/19xxx/CVE-2018-19525.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19525",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19525",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1399.json b/2018/1xxx/CVE-2018-1399.json
index 1078702b97c..4686373e539 100644
--- a/2018/1xxx/CVE-2018-1399.json
+++ b/2018/1xxx/CVE-2018-1399.json
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-02-26T00:00:00", - "ID" : "CVE-2018-1399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Daeja ViewONE", - "version" : { - "version_data" : [ - { - "version_value" : "4.1.5" - }, - { - "version_value" : "5.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138435." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-02-26T00:00:00", + "ID": "CVE-2018-1399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Daeja ViewONE", + "version": { + "version_data": [ + { + "version_value": "4.1.5" + }, + { + "version_value": "5.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138435", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138435" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013094", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013094" - }, - { - "name" : "103223", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/103223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138435." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138435", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138435" + }, + { + "name": "103223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103223" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22013094", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22013094" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1869.json b/2018/1xxx/CVE-2018-1869.json index fa858d7ff92..d666aabb8fe 100644 --- a/2018/1xxx/CVE-2018-1869.json +++ b/2018/1xxx/CVE-2018-1869.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1869",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-1869",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1872.json b/2018/1xxx/CVE-2018-1872.json
index 1a2ee2b0d3b..2e452dc0221 100644
--- a/2018/1xxx/CVE-2018-1872.json
+++ b/2018/1xxx/CVE-2018-1872.json
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-11-07T00:00:00", - "ID" : "CVE-2018-1872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Maximo Asset Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-11-07T00:00:00", + "ID": "CVE-2018-1872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Maximo Asset Management", + "version": { + "version_data": [ + { + "version_value": "7.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737461", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737461" - }, - { - "name" : "106140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106140" 
- }, - { - "name" : "ibm-maximo-cve20181872-xss(151330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10737461", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737461" + }, + { + "name": "106140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106140" + }, + { + "name": "ibm-maximo-cve20181872-xss(151330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151330" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4207.json b/2018/4xxx/CVE-2018-4207.json index 5a6f13956ed..be694f263ac 100644 --- a/2018/4xxx/CVE-2018-4207.json +++ b/2018/4xxx/CVE-2018-4207.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208693,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208693," - }, - { - "name" : "https://support.apple.com/HT208695,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208695," - }, - { - "name" : "https://support.apple.com/HT208696,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208696," - }, - { - "name" : "https://support.apple.com/HT208697,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208697," - }, - { - "name" : "https://support.apple.com/HT208698,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208698," - }, - { - "name" : 
"https://support.apple.com/HT208694", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208694" - }, - { - "name" : "GLSA-201812-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201812-04" - }, - { - "name" : "USN-3781-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3781-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208695,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208695," + }, + { + "name": "https://support.apple.com/HT208697,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208697," + }, + { + "name": "https://support.apple.com/HT208696,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208696," + }, + { + "name": "USN-3781-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3781-1/" + }, + { + "name": "https://support.apple.com/HT208698,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208698," + }, + { + "name": "GLSA-201812-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201812-04" + }, + { + "name": "https://support.apple.com/HT208694", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208694" + }, + { + "name": "https://support.apple.com/HT208693,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208693," + } + ] + } +} \ No newline at end of file 
diff --git a/2018/4xxx/CVE-2018-4229.json b/2018/4xxx/CVE-2018-4229.json index 666a72f6f21..1cf3311adc9 100644 --- a/2018/4xxx/CVE-2018-4229.json +++ b/2018/4xxx/CVE-2018-4229.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"Grand Central Dispatch\" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208849", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208849" - }, - { - "name" : "1041027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"Grand Central Dispatch\" component. 
It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041027" + }, + { + "name": "https://support.apple.com/HT208849", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208849" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4277.json b/2018/4xxx/CVE-2018-4277.json index 0f325fb2ee3..0d5f567a3d5 100644 --- a/2018/4xxx/CVE-2018-4277.json +++ b/2018/4xxx/CVE-2018-4277.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208854,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208854," - }, - { - "name" : "https://support.apple.com/HT208935,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208935," - }, - { - "name" : "https://support.apple.com/HT208936,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208936," - }, - { - "name" : "https://support.apple.com/HT208938,", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208938," - }, - { - "name" : "https://support.apple.com/HT208937", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208937" - }, - { - "name" : "1041232", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208938,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208938," + }, + { + "name": "https://support.apple.com/HT208854,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208854," + }, + { + "name": "https://support.apple.com/HT208937", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208937" + }, + { + "name": "https://support.apple.com/HT208936,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208936," + }, + { + "name": "https://support.apple.com/HT208935,", + "refsource": "MISC", + "url": "https://support.apple.com/HT208935," + }, + { + "name": "1041232", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041232" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4469.json b/2018/4xxx/CVE-2018-4469.json index 526053e5e91..1ff74fe6753 100644 --- a/2018/4xxx/CVE-2018-4469.json +++ b/2018/4xxx/CVE-2018-4469.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4469", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4469", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4940.json b/2018/4xxx/CVE-2018-4940.json index f77e7631985..9afa2e3271a 100644 --- a/2018/4xxx/CVE-2018-4940.json +++ b/2018/4xxx/CVE-2018-4940.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" - }, - { - "name" : "103718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103718" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" + }, + { + "name": "103718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103718" + } + ] + } +} \ No newline at end of file
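Review bot: The `affects` block on the new side of CVE-2018-4940 keeps `"vendor_name": "n/a"` and repeats one prose string, "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", as both `product_name` and `version_value`. Consumers that match affected products by vendor, product and version cannot resolve this record to an inventory entry. Going by the description text, the fields would be `"vendor_name": "Adobe"` and `"product_name": "ColdFusion"`, with one `version_data` entry per affected release line. The first phrase appears to be missing its release identifier, so the exact version strings should be taken from the referenced APSB18-14 bulletin rather than from this record.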