From 1c5a4b1c5a69764ff6c6a78002471584eb0ab46d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:27:28 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/1xxx/CVE-2004-1917.json | 170 ++++++------ 2008/0xxx/CVE-2008-0209.json | 140 +++++----- 2008/0xxx/CVE-2008-0259.json | 150 +++++----- 2008/0xxx/CVE-2008-0656.json | 180 ++++++------ 2008/0xxx/CVE-2008-0947.json | 490 ++++++++++++++++----------------- 2008/3xxx/CVE-2008-3214.json | 210 +++++++------- 2008/3xxx/CVE-2008-3406.json | 150 +++++----- 2008/3xxx/CVE-2008-3537.json | 190 ++++++------- 2008/3xxx/CVE-2008-3820.json | 170 ++++++------ 2008/3xxx/CVE-2008-3854.json | 210 +++++++------- 2008/3xxx/CVE-2008-3988.json | 160 +++++------ 2008/4xxx/CVE-2008-4364.json | 170 ++++++------ 2008/4xxx/CVE-2008-4492.json | 150 +++++----- 2008/4xxx/CVE-2008-4530.json | 150 +++++----- 2008/4xxx/CVE-2008-4532.json | 160 +++++------ 2008/4xxx/CVE-2008-4568.json | 34 +-- 2008/4xxx/CVE-2008-4595.json | 150 +++++----- 2008/7xxx/CVE-2008-7120.json | 130 ++++----- 2008/7xxx/CVE-2008-7196.json | 130 ++++----- 2013/2xxx/CVE-2013-2232.json | 310 ++++++++++----------- 2013/2xxx/CVE-2013-2243.json | 130 ++++----- 2013/2xxx/CVE-2013-2349.json | 140 +++++----- 2013/2xxx/CVE-2013-2441.json | 130 ++++----- 2013/2xxx/CVE-2013-2962.json | 130 ++++----- 2013/3xxx/CVE-2013-3921.json | 130 ++++----- 2013/6xxx/CVE-2013-6004.json | 150 +++++----- 2013/6xxx/CVE-2013-6447.json | 160 +++++------ 2013/6xxx/CVE-2013-6459.json | 150 +++++----- 2013/6xxx/CVE-2013-6569.json | 34 +-- 2013/6xxx/CVE-2013-6595.json | 34 +-- 2013/7xxx/CVE-2013-7167.json | 34 +-- 2013/7xxx/CVE-2013-7169.json | 34 +-- 2013/7xxx/CVE-2013-7302.json | 140 +++++----- 2017/10xxx/CVE-2017-10065.json | 130 ++++----- 2017/10xxx/CVE-2017-10519.json | 34 +-- 2017/14xxx/CVE-2017-14012.json | 132 ++++----- 2017/14xxx/CVE-2017-14484.json | 120 ++++---- 2017/14xxx/CVE-2017-14756.json | 130 ++++----- 2017/14xxx/CVE-2017-14768.json | 34 +-- 2017/15xxx/CVE-2017-15430.json | 130 ++++----- 2017/15xxx/CVE-2017-15610.json | 120 ++++---- 
2017/17xxx/CVE-2017-17443.json | 120 ++++---- 2017/17xxx/CVE-2017-17686.json | 34 +-- 2017/9xxx/CVE-2017-9326.json | 34 +-- 2017/9xxx/CVE-2017-9460.json | 34 +-- 2017/9xxx/CVE-2017-9810.json | 170 ++++++------ 2018/0xxx/CVE-2018-0057.json | 294 ++++++++++---------- 2018/0xxx/CVE-2018-0152.json | 140 +++++----- 2018/0xxx/CVE-2018-0530.json | 130 ++++----- 2018/0xxx/CVE-2018-0546.json | 140 +++++----- 2018/0xxx/CVE-2018-0705.json | 130 ++++----- 2018/16xxx/CVE-2018-16391.json | 140 +++++----- 2018/16xxx/CVE-2018-16925.json | 34 +-- 2018/19xxx/CVE-2018-19210.json | 150 +++++----- 2018/19xxx/CVE-2018-19344.json | 130 ++++----- 2018/4xxx/CVE-2018-4325.json | 34 +-- 2018/4xxx/CVE-2018-4420.json | 34 +-- 2018/4xxx/CVE-2018-4677.json | 34 +-- 2018/4xxx/CVE-2018-4737.json | 34 +-- 2018/4xxx/CVE-2018-4835.json | 142 +++++----- 2019/9xxx/CVE-2019-9847.json | 18 ++ 61 files changed, 3912 insertions(+), 3894 deletions(-) create mode 100644 2019/9xxx/CVE-2019-9847.json diff --git a/2004/1xxx/CVE-2004-1917.json b/2004/1xxx/CVE-2004-1917.json index 65d13d046fe..bf94170c114 100644 --- a/2004/1xxx/CVE-2004-1917.json +++ b/2004/1xxx/CVE-2004-1917.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040408 PSR - #2004-002 Remote - LCDProc", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108146376315229&w=2" - }, - { - "name" : "http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html", - "refsource" : "CONFIRM", - "url" : "http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html" - }, - { - "name" : "GLSA-200404-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200404-19.xml" - }, - { - "name" : "10085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10085" - }, - { - "name" : "11333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11333" - }, - { - "name" : "lcdproc-testfuncfunc-format-string(15817)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lcdproc-testfuncfunc-format-string(15817)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15817" + }, + { + "name": "http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html", + "refsource": "CONFIRM", + "url": "http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html" + }, + { + "name": "GLSA-200404-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200404-19.xml" + }, + { + "name": "20040408 PSR - #2004-002 Remote - LCDProc", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108146376315229&w=2" + }, + { + "name": "10085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10085" + }, + { + "name": "11333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11333" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0209.json b/2008/0xxx/CVE-2008-0209.json index ffe8c63eeb1..1725888d42c 100644 --- a/2008/0xxx/CVE-2008-0209.json +++ b/2008/0xxx/CVE-2008-0209.json 
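Review bot: The new side of 2004/1xxx/CVE-2004-1917.json ends at the closing `}` with no trailing newline, and its `reference_data` array holds the same six entries as before in a different order, so the 170 changed lines leave the record's content unchanged. The hunks for CVE-2008-0209, CVE-2008-0259, CVE-2008-0656 and CVE-2008-0947 show the same pattern of respaced keys, reshuffled references and a dropped final newline. For anyone who watches this repository to spot changed descriptions or newly added references, a whitespace-and-order rewrite of this size buries real edits. It would help if whatever tool writes these files emitted `reference_data` in a stable order (for example sorted by `refsource`, then `name`) and kept the newline after the last `}`. Consumers are better off comparing parsed records than text, since array position here evidently carries no meaning.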
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080107 [HSC] Snitz Forums Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485836/100/200/threaded" - }, - { - "name" : "http://hackerscenter.com/archive/view.asp?id=28145", - "refsource" : "MISC", - "url" : "http://hackerscenter.com/archive/view.asp?id=28145" - }, - { - "name" : "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Forums/login.asp in Snitz 
Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hackerscenter.com/archive/view.asp?id=28145", + "refsource": "MISC", + "url": "http://hackerscenter.com/archive/view.asp?id=28145" + }, + { + "name": "20080107 [HSC] Snitz Forums Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485836/100/200/threaded" + }, + { + "name": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0259.json b/2008/0xxx/CVE-2008-0259.json index 9d1adfb4eab..8d3ba73c7cb 100644 --- a/2008/0xxx/CVE-2008-0259.json +++ b/2008/0xxx/CVE-2008-0259.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4902", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4902" - }, - { - "name" : "27265", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27265" - }, - { - "name" : "28391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28391" - }, - { - "name" : "minimalgallery-mgthumbs-file-include(39649)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 
allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27265", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27265" + }, + { + "name": "4902", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4902" + }, + { + "name": "minimalgallery-mgthumbs-file-include(39649)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39649" + }, + { + "name": "28391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28391" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0656.json b/2008/0xxx/CVE-2008-0656.json index 95bfe15c329..5bcedb5e93f 100644 --- a/2008/0xxx/CVE-2008-0656.json +++ b/2008/0xxx/CVE-2008-0656.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487603/100/0/threaded" - }, - { - "name" : "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf" - }, - { - "name" : "27632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27632" - }, - { - "name" : "ADV-2008-0439", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0439" - }, - { - "name" : 
"1019305", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019305" - }, - { - "name" : "28810", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28810" - }, - { - "name" : "3626", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf" + }, + { + "name": "1019305", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019305" + }, + { + "name": "28810", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28810" + }, + { + "name": "ADV-2008-0439", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0439" + }, + { + "name": "27632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27632" + }, + { + "name": "3626", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3626" + }, + { + "name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/0xxx/CVE-2008-0947.json b/2008/0xxx/CVE-2008-0947.json index fda35999812..4262d88c207 100644 --- a/2008/0xxx/CVE-2008-0947.json +++ b/2008/0xxx/CVE-2008-0947.json 
@@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489762/100/0/threaded" - }, - { - "name" : "20080318 MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489784/100/0/threaded" - }, - { - "name" : "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489883/100/0/threaded" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt", - 
"refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0112", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0112" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html" - }, - { - "name" : "DSA-1524", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1524" - }, - { - "name" : "FEDORA-2008-2637", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html" - }, - { - "name" : "FEDORA-2008-2647", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html" - }, - { - "name" : "GLSA-200803-31", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-31.xml" - }, - { - "name" : "HPSBOV02682", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497213107107&w=2" - }, - { - "name" : "SSRT100495", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497213107107&w=2" - }, - { - "name" : "MDVSA-2008:070", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070" - }, - { - "name" : "MDVSA-2008:069", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069" - }, - { - "name" : 
"RHSA-2008:0164", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0164.html" - }, - { - "name" : "SUSE-SA:2008:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html" - }, - { - "name" : "USN-587-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-587-1" - }, - { - "name" : "TA08-079B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-079B.html" - }, - { - "name" : "VU#374121", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/374121" - }, - { - "name" : "28302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28302" - }, - { - "name" : "oval:org.mitre.oval:def:10984", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10984" - }, - { - "name" : "ADV-2008-0922", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0922/references" - }, - { - "name" : "ADV-2008-1102", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1102/references" - }, - { - "name" : "1019631", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019631" - }, - { - "name" : "29428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29428" - }, - { - "name" : "29438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29438" - }, - { - "name" : "29435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29435" - }, - { - "name" : "29451", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29451" - }, - { - "name" : "29457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29457" - }, - { - "name" : "29464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29464" - }, - { - "name" : "29462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29462" 
- }, - { - "name" : "29516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29516" - }, - { - "name" : "29663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29663" - }, - { - "name" : "29424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29424" - }, - { - "name" : "3752", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3752" - }, - { - "name" : "krb5-rpclibrary-bo(41273)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3752", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3752" + }, + { + "name": "TA08-079B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-079B.html" + }, + { + "name": "29457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29457" + }, + { + "name": "MDVSA-2008:069", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069" + }, + { + "name": "20080318 MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489784/100/0/threaded" + }, + { + "name": "29464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29464" + }, + { + "name": "28302", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/28302" + }, + { + "name": "FEDORA-2008-2637", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0112", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html" + }, + { + "name": "SSRT100495", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2" + }, + { + "name": "29451", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29451" + }, + { + "name": "29663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29663" + }, + { + "name": "FEDORA-2008-2647", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112" + }, + { + "name": "29438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29438" + }, + { + "name": "RHSA-2008:0164", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html" + }, + { + "name": "MDVSA-2008:070", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070" + }, + { + "name": "ADV-2008-0922", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0922/references" + }, + { + "name": "29435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29435" + }, + { + "name": "oval:org.mitre.oval:def:10984", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10984" + }, + { + "name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded" + }, + { + "name": "29428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29428" + }, + { + "name": "DSA-1524", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1524" + }, + { + "name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489762/100/0/threaded" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html" + }, + { + "name": "SUSE-SA:2008:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html" + }, + { + "name": "29516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29516" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt" + }, + { + "name": "29462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29462" + }, + { + "name": "29424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29424" + }, + { + "name": "1019631", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019631" + }, + { + "name": "USN-587-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-587-1" + }, + { + "name": "ADV-2008-1102", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1102/references" + }, + { + "name": "GLSA-200803-31", + "refsource": "GENTOO", + 
"url": "http://security.gentoo.org/glsa/glsa-200803-31.xml" + }, + { + "name": "HPSBOV02682", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2" + }, + { + "name": "VU#374121", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/374121" + }, + { + "name": "krb5-rpclibrary-bo(41273)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41273" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3214.json b/2008/3xxx/CVE-2008-3214.json index 73a535fff18..f1e63c4bdd5 100644 --- a/2008/3xxx/CVE-2008-3214.json +++ b/2008/3xxx/CVE-2008-3214.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080630 CVE request for dnsmasq DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/06/30/7" - }, - { - "name" : "[oss-security] 20080701 Re: CVE request for dnsmasq DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/01/8" - }, - { - "name" : "[oss-security] 20080702 Re: CVE request for dnsmasq DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/02/4" - }, - { - "name" : "[oss-security] 20080703 Re: CVE request for dnsmasq DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/03/4" - }, - { - 
"name" : "[oss-security] 20080708 Re: CVE request for dnsmasq DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/08/8" - }, - { - "name" : "[oss-security] 20080712 Re: CVE request for dnsmasq DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/12/3" - }, - { - "name" : "http://freshmeat.net/projects/dnsmasq/?branch_id=1991&release_id=217681", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/dnsmasq/?branch_id=1991&release_id=217681" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/47438", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/47438" - }, - { - "name" : "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG" - }, - { - "name" : "dnsmasq-multiple-dos(43929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/47438", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/47438" + }, + { + "name": "[oss-security] 20080712 Re: CVE request for dnsmasq DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/12/3" + }, + { + "name": "[oss-security] 20080708 Re: CVE request for dnsmasq DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/08/8" + }, + { + "name": "dnsmasq-multiple-dos(43929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43929" + }, + { + "name": "http://freshmeat.net/projects/dnsmasq/?branch_id=1991&release_id=217681", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/dnsmasq/?branch_id=1991&release_id=217681" + }, + { + "name": "[oss-security] 20080701 Re: CVE request for dnsmasq DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/01/8" + }, + { + "name": "[oss-security] 20080630 CVE request for dnsmasq DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/06/30/7" + }, + { + "name": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG" + }, + { + "name": "[oss-security] 20080702 Re: CVE request for dnsmasq DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/02/4" + }, + { + "name": "[oss-security] 20080703 Re: CVE request for dnsmasq DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/03/4" + } + ] + } +} \ No newline at end of file 
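Review bot: The rewritten file ends without a line terminator (`\ No newline at end of file` follows the final `+}`), while the old side ended with one. The generator should emit a trailing LF so that later syncs do not touch the last line of every record. The ten `reference_data` entries are the same as before but in a different order, so a stable sort (for example by `refsource`, then `name`) would keep future diffs limited to real changes. Both points also apply to the CVE-2008-3406, CVE-2008-3537, CVE-2008-3820, CVE-2008-3854, CVE-2008-3988, CVE-2008-4364 and CVE-2008-4492 sections.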
diff --git a/2008/3xxx/CVE-2008-3406.json b/2008/3xxx/CVE-2008-3406.json index 74b2d61b19f..ab2e417e4f4 100644 --- a/2008/3xxx/CVE-2008-3406.json +++ b/2008/3xxx/CVE-2008-3406.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6140", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6140" - }, - { - "name" : "30386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30386" - }, - { - "name" : "4087", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4087" - }, - { - "name" : "phplinkat-showcat-sql-injection(44060)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phplinkat-showcat-sql-injection(44060)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44060" + }, + { + "name": "6140", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6140" + }, + { + "name": "30386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30386" + }, + { + "name": "4087", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4087" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3537.json b/2008/3xxx/CVE-2008-3537.json index 1c7f614f66c..ded5fb49d56 100644 --- a/2008/3xxx/CVE-2008-3537.json +++ b/2008/3xxx/CVE-2008-3537.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02362", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122037165310549&w=2" - }, - { - "name" : "SSRT080044", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122037165310549&w=2" - }, - { - "name" : "SSRT080045", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122037165310549&w=2" - }, - { - "name" : "30984", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30984" - }, - { - "name" : "ADV-2008-2485", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2485" - }, - { - "name" : "1020795", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020795" - }, - { - "name" : "31688", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31688" - }, - { - "name" : "4209", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02362", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122037165310549&w=2" + }, + { + "name": "4209", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4209" + }, + { + "name": "1020795", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020795" + }, + { + "name": "ADV-2008-2485", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2485" + }, + { + "name": "31688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31688" + }, + { + "name": "SSRT080045", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122037165310549&w=2" + }, + { + "name": "30984", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30984" + }, + { + "name": "SSRT080044", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122037165310549&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3820.json b/2008/3xxx/CVE-2008-3820.json index 9eed8bbfc56..70f38f5fe95 100644 --- a/2008/3xxx/CVE-2008-3820.json +++ b/2008/3xxx/CVE-2008-3820.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain \"root access\" to IEV via unspecified use of TCP sessions to these ports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-3820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090121 Cisco Security Manager Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.shtml" - }, - { - "name" : "33381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33381" - }, - { - "name" : "ADV-2009-0214", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0214" - }, - { - "name" : "1021619", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021619" - }, - { - "name" : "33633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33633" - }, - { - "name" : 
"cisco-securitymanager-iev-weak-security(48134)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain \"root access\" to IEV via unspecified use of TCP sessions to these ports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33381" + }, + { + "name": "cisco-securitymanager-iev-weak-security(48134)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48134" + }, + { + "name": "1021619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021619" + }, + { + "name": "ADV-2009-0214", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0214" + }, + { + "name": "33633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33633" + }, + { + "name": "20090121 Cisco Security Manager Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3854.json b/2008/3xxx/CVE-2008-3854.json index ebb424e0b03..84a5394936f 100644 --- a/2008/3xxx/CVE-2008-3854.json +++ b/2008/3xxx/CVE-2008-3854.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080916 Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496406/100/0/threaded" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21255607", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" - }, - { - "name" : "IZ16346", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ16346" - }, - { - "name" : "IZ18434", - "refsource" : "AIXAPAR", - "url" : 
"http://www-1.ibm.com/support/docview.wss?uid=swg1IZ18434" - }, - { - "name" : "IZ18431", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ18431" - }, - { - "name" : "29601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29601" - }, - { - "name" : "ADV-2008-1769", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1769" - }, - { - "name" : "30558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30558" - }, - { - "name" : "ibm-db2-multiple-bo(42935)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42935" - }, - { - "name" : "ibm-db2-sqlrlaka-bo(42930)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" + }, + { + "name": "ibm-db2-multiple-bo(42935)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42935" + }, + { + "name": "20080916 Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496406/100/0/threaded" + }, + { + "name": "IZ18431", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ18431" + }, + { + "name": "ADV-2008-1769", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1769" + }, + { + "name": "29601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29601" + }, + { + "name": "IZ18434", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ18434" + }, + { + "name": "ibm-db2-sqlrlaka-bo(42930)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42930" + }, + { + "name": "IZ16346", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ16346" + }, + { + "name": "30558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30558" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3988.json b/2008/3xxx/CVE-2008-3988.json index cee3603068b..f39adf09ecd 100644 --- a/2008/3xxx/CVE-2008-3988.json +++ b/2008/3xxx/CVE-2008-3988.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the iSupplier Portal component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-3988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" - }, - { - "name" : "ADV-2008-2825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2825" - }, - { - "name" : "1021057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021057" - }, - { - "name" : "32291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32291" - }, - { - "name" : "oracle-ebusiness-isupplier-info-disclosure(45891)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45891" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the iSupplier Portal component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021057" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" + }, + { + "name": "32291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32291" + }, + { + "name": "oracle-ebusiness-isupplier-info-disclosure(45891)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45891" + }, + { + "name": "ADV-2008-2825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2825" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4364.json b/2008/4xxx/CVE-2008-4364.json index 7c3768ecbc8..6d45c1e474f 100644 --- a/2008/4xxx/CVE-2008-4364.json +++ b/2008/4xxx/CVE-2008-4364.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the \"page\" page and (2) txtSearch parameter in the \"Search\" page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080928 ParsaWeb CMS SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496799/100/0/threaded" - }, - { - "name" : "6610", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6610" - }, - { - "name" : "http://www.bugreport.ir/index_53.htm", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/index_53.htm" - }, - { - "name" : "31450", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31450" - }, - { - "name" : "4343", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4343" - }, - { - "name" : "parsaweb-id-txtsearch-sql-injection(45494)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/45494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the \"page\" page and (2) txtSearch parameter in the \"Search\" page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31450", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31450" + }, + { + "name": "4343", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4343" + }, + { + "name": "20080928 ParsaWeb CMS SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496799/100/0/threaded" + }, + { + "name": "parsaweb-id-txtsearch-sql-injection(45494)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45494" + }, + { + "name": "6610", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6610" + }, + { + "name": "http://www.bugreport.ir/index_53.htm", + "refsource": "MISC", + "url": "http://www.bugreport.ir/index_53.htm" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4492.json b/2008/4xxx/CVE-2008-4492.json index d107788d70f..299b53c1674 100644 --- a/2008/4xxx/CVE-2008-4492.json +++ b/2008/4xxx/CVE-2008-4492.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6693", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6693" - }, - { - "name" : "31624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31624" - }, - { - "name" : "4362", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4362" - }, - { - "name" : "yourownbux-referrals-sql-injection(45737)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "yourownbux-referrals-sql-injection(45737)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45737" + }, + { + "name": "31624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31624" + }, + { + "name": "4362", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4362" + }, + { + "name": "6693", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6693" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4530.json b/2008/4xxx/CVE-2008-4530.json index dbe4ced6e3f..5a6e459c508 100644 --- a/2008/4xxx/CVE-2008-4530.json +++ b/2008/4xxx/CVE-2008-4530.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/315919", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/315919" - }, - { - "name" : "31554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31554" - }, - { - "name" : "32106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32106" - }, - { - "name" : "brilliantgallery-unspecified-xss(45636)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "brilliantgallery-unspecified-xss(45636)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45636" + }, + { + "name": "32106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32106" + }, + { + "name": "http://drupal.org/node/315919", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/315919" + }, + { + "name": "31554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31554" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4532.json b/2008/4xxx/CVE-2008-4532.json index 5c5d02c8595..92ad32ea7da 100644 --- a/2008/4xxx/CVE-2008-4532.json +++ b/2008/4xxx/CVE-2008-4532.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081003 Website Directory - XSS Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496967/100/0/threaded" - }, - { - "name" : "31562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31562" - }, - { - "name" : "32176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32176" - }, - { - "name" : "4393", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4393" - }, - { - "name" : "websitedirectory-index-xss(45657)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32176" + }, + { + "name": "4393", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4393" + }, + { + "name": "20081003 Website Directory - XSS Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496967/100/0/threaded" + }, + { + "name": "websitedirectory-index-xss(45657)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45657" + }, + { + "name": "31562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31562" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4568.json b/2008/4xxx/CVE-2008-4568.json index 7d1b00d9344..b35538e69bb 100644 --- a/2008/4xxx/CVE-2008-4568.json +++ b/2008/4xxx/CVE-2008-4568.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4568",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-4568",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/4xxx/CVE-2008-4595.json b/2008/4xxx/CVE-2008-4595.json
index da2d9a009cf..5d583f459d4 100644
--- a/2008/4xxx/CVE-2008-4595.json
+++ b/2008/4xxx/CVE-2008-4595.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus 2.1.1 have unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=632842", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=632842" - }, - { - "name" : "31798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31798" - }, - { - "name" : "32245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32245" - }, - { - "name" : "contentplus-unknown-unspecified(45947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus 2.1.1 have unknown impact and 
remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "contentplus-unknown-unspecified(45947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45947" + }, + { + "name": "31798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31798" + }, + { + "name": "32245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32245" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=632842", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=632842" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7120.json b/2008/7xxx/CVE-2008-7120.json index 54ce3de148e..3bb01dd11c2 100644 --- a/2008/7xxx/CVE-2008-7120.json +++ b/2008/7xxx/CVE-2008-7120.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-7120",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-7120",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt",
- "refsource" : "MISC",
- "url" : "http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt"
- },
- {
- "name" : "31118",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/31118"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "31118",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/31118"
+ },
+ {
+ "name": "http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt",
+ "refsource": "MISC",
+ "url": "http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/7xxx/CVE-2008-7196.json b/2008/7xxx/CVE-2008-7196.json
index dc9865f2d57..9a2bfec3d60 100644
--- a/2008/7xxx/CVE-2008-7196.json
+++ b/2008/7xxx/CVE-2008-7196.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-7196",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a \"PATH execution security flaw,\" possibly an untrusted search path vulnerability."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-7196",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[fm-news] 20080126 Newsletter for Friday, January 25th 2008",
- "refsource" : "MLIST",
- "url" : "http://archives.neohapsis.com/archives/apps/freshmeat/2008-01/0032.html"
- },
- {
- "name" : "40573",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/40573"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a \"PATH execution security flaw,\" possibly an untrusted search path vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "40573",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/40573"
+ },
+ {
+ "name": "[fm-news] 20080126 Newsletter for Friday, January 25th 2008",
+ "refsource": "MLIST",
+ "url": "http://archives.neohapsis.com/archives/apps/freshmeat/2008-01/0032.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/2xxx/CVE-2013-2232.json b/2013/2xxx/CVE-2013-2232.json
index f3ce3070b60..3934d05a143 100644
--- a/2013/2xxx/CVE-2013-2232.json
+++ b/2013/2xxx/CVE-2013-2232.json
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130702 Re: CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/02/5" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a963a37d384d71ad43b3e9e79d68d42fbe0901f3", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a963a37d384d71ad43b3e9e79d68d42fbe0901f3" - }, - { - "name" : "https://github.com/torvalds/linux/commit/a963a37d384d71ad43b3e9e79d68d42fbe0901f3", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/torvalds/linux/commit/a963a37d384d71ad43b3e9e79d68d42fbe0901f3" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2" - }, - { - "name" : "DSA-2766", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2766" - }, - { - "name" : "RHSA-2013:1166", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1166.html" - }, - { - "name" : "RHSA-2013:1173", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1173.html" - }, - { - "name" : "SUSE-SU-2013:1473", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1474", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html" - }, - { - "name" : "openSUSE-SU-2013:1971", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" - }, - { - "name" : "USN-1912-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1912-1" - }, - { - "name" : "USN-1913-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1913-1" - }, - { - "name" : "USN-1938-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1938-1" - }, - { - "name" : "USN-1941-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1941-1" - }, - { - "name" : "USN-1942-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1942-1" - }, - { - "name" : "USN-1943-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1943-1" - }, - { - "name" : "USN-1944-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1944-1" - }, - { - "name" : "USN-1945-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1945-1" - }, - { - "name" : "USN-1946-1", - 
"refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1946-1" - }, - { - "name" : "USN-1947-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1947-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1943-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1943-1" + }, + { + "name": "RHSA-2013:1166", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html" + }, + { + "name": "[oss-security] 20130702 Re: CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/02/5" + }, + { + "name": "USN-1913-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1913-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a963a37d384d71ad43b3e9e79d68d42fbe0901f3", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a963a37d384d71ad43b3e9e79d68d42fbe0901f3" + }, + { + "name": "SUSE-SU-2013:1473", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html" + }, + { + "name": "USN-1938-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1938-1" + }, + { + "name": "USN-1944-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1944-1" + }, + { + "name": "USN-1945-1", + 
"refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1945-1" + }, + { + "name": "RHSA-2013:1173", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1173.html" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2" + }, + { + "name": "DSA-2766", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2766" + }, + { + "name": "openSUSE-SU-2013:1971", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/a963a37d384d71ad43b3e9e79d68d42fbe0901f3", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/a963a37d384d71ad43b3e9e79d68d42fbe0901f3" + }, + { + "name": "SUSE-SU-2013:1474", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html" + }, + { + "name": "USN-1947-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1947-1" + }, + { + "name": "USN-1941-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1941-1" + }, + { + "name": "USN-1942-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1942-1" + }, + { + "name": "USN-1912-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1912-1" + }, + { + "name": "USN-1946-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1946-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2243.json b/2013/2xxx/CVE-2013-2243.json index 49bcd5fffe8..9cb9d58d26c 100644 --- a/2013/2xxx/CVE-2013-2243.json +++ b/2013/2xxx/CVE-2013-2243.json 
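Review bot: The `ASSIGNER` line in the CVE-2013-2232 hunk changes from `"cve@mitre.org"` to `"secalert@redhat.com"`, and as far as the visible lines show it is the only change of value in a 157-line hunk; everything else is re-serialised spacing and a reshuffled `reference_data` array holding the same twenty entries. The commit subject ("-Synchronized-Data.") does not mention the reattribution, and the same pattern appears in the CVE-2013-2243, CVE-2013-2349, CVE-2013-2441 and CVE-2013-2962 hunks. Anyone who filters or attributes records by assigner will want that change to stand out, so I would have the sync step keep `reference_data` in its previous order (or a sorted, stable one) and land the formatting change separately. The new files also end without a trailing newline (`\ No newline at end of file`), which is worth restoring in the serializer.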
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39546", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39546" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=232500", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=232500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated 
users to obtain sensitive answer information by reading the HTML source code of a document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=232500", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=232500" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39546", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39546" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2349.json b/2013/2xxx/CVE-2013-2349.json index f32f7bd5e1b..084bb39f402 100644 --- a/2013/2xxx/CVE-2013-2349.json +++ b/2013/2xxx/CVE-2013-2349.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02895", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - }, - { - "name" : "SSRT101222", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - }, - { - "name" : "SSRT101253", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote 
attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02895", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + }, + { + "name": "SSRT101253", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + }, + { + "name": "SSRT101222", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2441.json b/2013/2xxx/CVE-2013-2441.json index 0b0aa088b92..284a6a7934c 100644 --- a/2013/2xxx/CVE-2013-2441.json +++ b/2013/2xxx/CVE-2013-2441.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Java Client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote authenticated users to affect integrity via unknown vectors 
related to Java Client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2962.json b/2013/2xxx/CVE-2013-2962.json index bc11e512538..15e59da822e 100644 --- a/2013/2xxx/CVE-2013-2962.json +++ b/2013/2xxx/CVE-2013-2962.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-2962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21662870", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21662870" - }, - { - "name" : "ibm-websphere-cve20132962-dos(83722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) via unspecified 
vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21662870", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662870" + }, + { + "name": "ibm-websphere-cve20132962-dos(83722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83722" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3921.json b/2013/3xxx/CVE-2013-3921.json index f476730987c..23908565bfa 100644 --- a/2013/3xxx/CVE-2013-3921.json +++ b/2013/3xxx/CVE-2013-3921.json 
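Review bot: The new `ASSIGNER` value `psirt@us.ibm.com` names the CNA, but the `affects` block on the new side still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, so the product is identified only in the free-text description. Feed consumers that match records on `affects` cannot tie this entry to an asset inventory and have to parse the description instead. If the record source allows it, fill the structured fields from the description, for example `"vendor_name": "IBM"` and `"product_name": "WebSphere Transformation Extender"`. The hunks for CVE-2013-2441, CVE-2013-6004, CVE-2013-6447 and CVE-2013-6459 change `ASSIGNER` in the same way and also leave `affects` at `n/a`.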
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-033.txt", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-033.txt" - }, - { - "name" : "easyfilemanager-cve20133921-dir-traversal(89169)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-033.txt", + "refsource": "MISC", + "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-033.txt" + }, + { + "name": "easyfilemanager-cve20133921-dir-traversal(89169)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89169" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6004.json b/2013/6xxx/CVE-2013-6004.json index 3747430137d..9f78f23c57c 100644 --- a/2013/6xxx/CVE-2013-6004.json +++ b/2013/6xxx/CVE-2013-6004.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-6004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/20131202up01.php", - "refsource" : "MISC", - "url" : "http://cs.cybozu.co.jp/information/20131202up01.php" - }, - { - "name" : "https://support.cybozu.com/ja-jp/article/6929", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/6929" - }, - { - "name" : "JVN#87729477", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN87729477/index.html" - }, - { - "name" : "JVNDB-2013-000117", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote 
attackers to hijack web sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cs.cybozu.co.jp/information/20131202up01.php", + "refsource": "MISC", + "url": "http://cs.cybozu.co.jp/information/20131202up01.php" + }, + { + "name": "JVN#87729477", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN87729477/index.html" + }, + { + "name": "JVNDB-2013-000117", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000117" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/6929", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/6929" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6447.json b/2013/6xxx/CVE-2013-6447.json index 5f029e989f6..223bfc89fce 100644 --- a/2013/6xxx/CVE-2013-6447.json +++ b/2013/6xxx/CVE-2013-6447.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1044784", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1044784" - }, - { - "name" : "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", - "refsource" : "CONFIRM", - "url" : "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5" - }, - { - "name" : "RHSA-2014:0045", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0045.html" - }, - { - "name" : "1029652", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1029652" - }, - { - "name" : "56572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029652", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029652" + }, + { + "name": "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", + "refsource": "CONFIRM", + "url": "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5" + }, + { + "name": "56572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56572" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1044784", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044784" + }, + { + "name": "RHSA-2014:0045", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0045.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6459.json b/2013/6xxx/CVE-2013-6459.json index 08b0695b5eb..fab0fcb486f 100644 --- a/2013/6xxx/CVE-2013-6459.json +++ b/2013/6xxx/CVE-2013-6459.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mislav/will_paginate/releases/tag/v3.0.5", - "refsource" : "CONFIRM", - "url" : "https://github.com/mislav/will_paginate/releases/tag/v3.0.5" - }, - { - "name" : "RHSA-2018:0336", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0336" - }, - { - "name" : "64509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64509" - }, - { - "name" : "56180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the 
will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56180" + }, + { + "name": "RHSA-2018:0336", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0336" + }, + { + "name": "64509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64509" + }, + { + "name": "https://github.com/mislav/will_paginate/releases/tag/v3.0.5", + "refsource": "CONFIRM", + "url": "https://github.com/mislav/will_paginate/releases/tag/v3.0.5" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6569.json b/2013/6xxx/CVE-2013-6569.json index 01b340d96f6..dafc769f542 100644 --- a/2013/6xxx/CVE-2013-6569.json +++ b/2013/6xxx/CVE-2013-6569.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6569", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6569", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6595.json b/2013/6xxx/CVE-2013-6595.json index 7c6c387a716..4b5a227632e 100644 --- a/2013/6xxx/CVE-2013-6595.json +++ b/2013/6xxx/CVE-2013-6595.json 
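Review bot: The new side of this REJECT record puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and lists `ID` before `ASSIGNER`, while the PUBLIC and RESERVED records in the same commit keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but two serializer orders in one repository make record-to-record comparison noisier and defeat byte-level hashing or deduplication of records, so emitting keys in one fixed order (sorted, for example) would be safer. The new file also ends without a final newline (`\ No newline at end of file`); a trailing newline should be written. The hunks for CVE-2013-6595, CVE-2013-7167 and CVE-2013-7169 show the same ordering.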
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6595", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6595", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7167.json b/2013/7xxx/CVE-2013-7167.json index 80cdc9807b2..b80c23ab44f 100644 --- a/2013/7xxx/CVE-2013-7167.json +++ b/2013/7xxx/CVE-2013-7167.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7167", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-7167", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7169.json b/2013/7xxx/CVE-2013-7169.json index 4cbf35da0f2..2a0b859387b 100644 --- a/2013/7xxx/CVE-2013-7169.json +++ b/2013/7xxx/CVE-2013-7169.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7169", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-7169", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7302.json b/2013/7xxx/CVE-2013-7302.json index fde2950b1a5..0c6a9376114 100644 --- a/2013/7xxx/CVE-2013-7302.json +++ b/2013/7xxx/CVE-2013-7302.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/node/2158651", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2158651" - }, - { - "name" : "https://drupal.org/node/2158565", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2158565" - }, - { - "name" : "https://drupal.org/node/2158567", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2158567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, 
when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drupal.org/node/2158651", + "refsource": "MISC", + "url": "https://drupal.org/node/2158651" + }, + { + "name": "https://drupal.org/node/2158567", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2158567" + }, + { + "name": "https://drupal.org/node/2158565", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2158565" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10065.json b/2017/10xxx/CVE-2017-10065.json index a7dfab02c06..4a714eadde8 100644 --- a/2017/10xxx/CVE-2017-10065.json +++ b/2017/10xxx/CVE-2017-10065.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. While the vulnerability is in Oracle Retail Point-of-Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Point-of-Service accessible data as well as unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. While the vulnerability is in Oracle Retail Point-of-Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Point-of-Service accessible data as well as unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101359" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10519.json b/2017/10xxx/CVE-2017-10519.json index f13c5e8c52b..f3d09cd4a10 100644 --- a/2017/10xxx/CVE-2017-10519.json +++ b/2017/10xxx/CVE-2017-10519.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10519", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10519", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14012.json b/2017/14xxx/CVE-2017-14012.json index b04622b451a..dcad10e72c0 100644 --- a/2017/14xxx/CVE-2017-14012.json +++ b/2017/14xxx/CVE-2017-14012.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2017-10-19T00:00:00", - "ID" : "CVE-2017-14012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ZOOM LATITUDE PRM", - "version" : { - "version_data" : [ - { - "version_value" : "Model 3120" - } - ] - } - } - ] - }, - "vendor_name" : "Boston Scientific" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data - CWE-311" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2017-10-19T00:00:00", + "ID": "CVE-2017-14012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ZOOM LATITUDE PRM", + "version": { + "version_data": [ + { + "version_value": "Model 3120" + } + ] + } + } + ] + }, + "vendor_name": "Boston Scientific" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01" - }, - { - "name" : "101510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. 
CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data - CWE-311" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101510" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14484.json b/2017/14xxx/CVE-2017-14484.json index 2587a969a2d..1c2a1b2a723 100644 --- a/2017/14xxx/CVE-2017-14484.json +++ b/2017/14xxx/CVE-2017-14484.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe \"chown -R\" command is executed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=603408", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=603408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe \"chown -R\" command is executed." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=603408", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=603408" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14756.json b/2017/14xxx/CVE-2017-14756.json index da39a9c5f91..e5fad35ccb3 100644 --- a/2017/14xxx/CVE-2017-14756.json +++ b/2017/14xxx/CVE-2017-14756.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Sep/96", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Sep/96" - }, - { - "name" : "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774", - "refsource" : "MISC", - "url" : "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774", + "refsource": "MISC", + "url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Sep/96", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Sep/96" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14768.json b/2017/14xxx/CVE-2017-14768.json index c40c2dfd427..fd8a3f756cb 100644 --- a/2017/14xxx/CVE-2017-14768.json +++ b/2017/14xxx/CVE-2017-14768.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14768", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14768", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15430.json b/2017/15xxx/CVE-2017-15430.json index 13ef60c0d06..29414133531 100644 --- a/2017/15xxx/CVE-2017-15430.json +++ b/2017/15xxx/CVE-2017-15430.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-15430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 63.0.3239.84 unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 63.0.3239.84 unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unsafe Navigation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-15430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 63.0.3239.84 unknown", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 63.0.3239.84 unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/780484", - "refsource" : "MISC", - "url" : "https://crbug.com/780484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 allowed a remote 
attacker to bypass navigation restrictions via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unsafe Navigation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/780484", + "refsource": "MISC", + "url": "https://crbug.com/780484" + }, + { + "name": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15610.json b/2017/15xxx/CVE-2017-15610.json index 941fb72e7bf..3ff08fb77c1 100644 --- a/2017/15xxx/CVE-2017-15610.json +++ b/2017/15xxx/CVE-2017-15610.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the private key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OctopusDeploy/Issues/issues/3869", - "refsource" : "CONFIRM", - "url" : "https://github.com/OctopusDeploy/Issues/issues/3869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Octopus before 3.17.7. 
When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the private key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OctopusDeploy/Issues/issues/3869", + "refsource": "CONFIRM", + "url": "https://github.com/OctopusDeploy/Issues/issues/3869" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17443.json b/2017/17xxx/CVE-2017-17443.json index bb801719949..5ea0d438ca7 100644 --- a/2017/17xxx/CVE-2017-17443.json +++ b/2017/17xxx/CVE-2017-17443.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the configuration file is stored; however, if the configuration file is altered the LDS will be unavailable until it is repaired." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-17443.pdf", - "refsource" : "CONFIRM", - "url" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-17443.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OPC Foundation Local Discovery Server (LDS) 1.03.370 
required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the configuration file is stored; however, if the configuration file is altered the LDS will be unavailable until it is repaired." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-17443.pdf", + "refsource": "CONFIRM", + "url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-17443.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17686.json b/2017/17xxx/CVE-2017-17686.json index 0661427d08c..e61d1567473 100644 --- a/2017/17xxx/CVE-2017-17686.json +++ b/2017/17xxx/CVE-2017-17686.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17686", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17686", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9326.json b/2017/9xxx/CVE-2017-9326.json index d4fe77eb5c2..20d6cfd7335 100644 --- a/2017/9xxx/CVE-2017-9326.json +++ b/2017/9xxx/CVE-2017-9326.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9326", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9326", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9460.json b/2017/9xxx/CVE-2017-9460.json index ccd060851c6..8b3ef1bb70a 100644 --- a/2017/9xxx/CVE-2017-9460.json +++ b/2017/9xxx/CVE-2017-9460.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9460", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9460", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9810.json b/2017/9xxx/CVE-2017-9810.json index f993c644bbe..9b777e2e23c 100644 --- a/2017/9xxx/CVE-2017-9810.json +++ b/2017/9xxx/CVE-2017-9810.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42269", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42269/" - }, - { - "name" : "20170628 [CORE-2017-0003] - Kaspersky Anti-Virus File Server Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jun/33" - }, - { - "name" : "http://packetstormsecurity.com/files/143190/Kaspersky-Anti-Virus-File-Server-8.0.3.297-XSS-CSRF-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/143190/Kaspersky-Anti-Virus-File-Server-8.0.3.297-XSS-CSRF-Code-Execution.html" - }, - { - "name" : 
"https://www.coresecurity.com/advisories/kaspersky-anti-virus-file-server-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/kaspersky-anti-virus-file-server-multiple-vulnerabilities" - }, - { - "name" : "99330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99330" - }, - { - "name" : "1038798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170628 [CORE-2017-0003] - Kaspersky Anti-Virus File Server Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Jun/33" + }, + { + "name": "http://packetstormsecurity.com/files/143190/Kaspersky-Anti-Virus-File-Server-8.0.3.297-XSS-CSRF-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/143190/Kaspersky-Anti-Virus-File-Server-8.0.3.297-XSS-CSRF-Code-Execution.html" + }, + { + "name": "99330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99330" + }, + { + "name": "1038798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038798" + }, + { + "name": "42269", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42269/" + }, + { + "name": 
"https://www.coresecurity.com/advisories/kaspersky-anti-virus-file-server-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/kaspersky-anti-virus-file-server-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0057.json b/2018/0xxx/CVE-2018-0057.json index 7f1f1f400fd..27f77f28528 100644 --- a/2018/0xxx/CVE-2018-0057.json +++ b/2018/0xxx/CVE-2018-0057.json 
@@ -1,150 +1,150 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2018-10-10T16:00:00.000Z", - "ID" : "CVE-2018-0057", - "STATE" : "PUBLIC", - "TITLE" : "Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address)" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2018-10-10T16:00:00.000Z", + "ID": "CVE-2018-0057", + "STATE": "PUBLIC", + "TITLE": "Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S2, 15.1R8" + }, + { + "affected": "<", + "version_name": "16.1", + "version_value": "16.1R4-S12, 16.1R7-S2, 16.1R8" + }, + { + "affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S7, 16.2R3" + }, + { + "affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S9, 17.1R3" + }, + { + "affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S7, 17.2R2-S6, 17.2R3" + }, + { + "affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S4, 17.3R3" + }, + { + "affected": "<", + "version_name": "17.4", + "version_value": "17.4R2" + }, + { + "affected": "<", + "version_name": "18.1", + "version_value": "18.1R2-S3, 18.1R3" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "15.1", - "version_value" : "15.1R7-S2, 15.1R8" - }, - { - "affected" : "<", - 
"version_name" : "16.1", - "version_value" : "16.1R4-S12, 16.1R7-S2, 16.1R8" - }, - { - "affected" : "<", - "version_name" : "16.2", - "version_value" : "16.2R2-S7, 16.2R3" - }, - { - "affected" : "<", - "version_name" : "17.1", - "version_value" : "17.1R2-S9, 17.1R3" - }, - { - "affected" : "<", - "version_name" : "17.2", - "version_value" : "17.2R1-S7, 17.2R2-S6, 17.2R3" - }, - { - "affected" : "<", - "version_name" : "17.3", - "version_value" : "17.3R2-S4, 17.3R3" - }, - { - "affected" : "<", - "version_name" : "17.4", - "version_value" : "17.4R2" - }, - { - "affected" : "<", - "version_name" : "18.1", - "version_value" : "18.1R2-S3, 18.1R3" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" + "lang": "eng", + "value": "On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3." 
} - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
- } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "ADJACENT_NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 6.1, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10892", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10892" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The following software releases have been updated to resolve this specific issue: 15.1R7-S2, 15.1R8, 16.1R4-S12, 16.1R7-S2, 16.1R8, 16.2R2-S7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R2, 18.1R2-S3, 18.1R3, 18.2R1, 18.3R1, and all subsequent releases.\n" - } - ], - "source" : { - "advisory" : "JSA10892", - "defect" : [ - "1351334" - ], - "discovery" : "USER" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "There are no viable workarounds for this issue" - } - ] -} + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10892", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10892" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S2, 15.1R8, 16.1R4-S12, 16.1R7-S2, 16.1R8, 16.2R2-S7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R2, 18.1R2-S3, 18.1R3, 18.2R1, 18.3R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10892", + "defect": [ + "1351334" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue" + } + ] +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0152.json b/2018/0xxx/CVE-2018-0152.json index 5649119fd03..bc25e400709 100644 --- a/2018/0xxx/CVE-2018-0152.json +++ b/2018/0xxx/CVE-2018-0152.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XE Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An attacker who has valid credentials for an affected device could exploit this vulnerability by remotely accessing a VTY line to the device. A successful exploit could allow the attacker to access an affected device with the privileges of the user who previously logged in to the web UI. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled and authentication, authorization, and accounting (AAA) authorization is not configured for EXEC sessions. The default state of the HTTP Server feature is version-dependent. This vulnerability was introduced in Cisco IOS XE Software Release 16.1.1. Cisco Bug IDs: CSCvf71769." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XE Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xepriv", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xepriv" - }, - { - "name" : "103558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103558" - }, - { - "name" : "1040597", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An attacker who has valid credentials for an affected device could exploit this vulnerability by remotely accessing a VTY line to the device. A successful exploit could allow the attacker to access an affected device with the privileges of the user who previously logged in to the web UI. 
This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled and authentication, authorization, and accounting (AAA) authorization is not configured for EXEC sessions. The default state of the HTTP Server feature is version-dependent. This vulnerability was introduced in Cisco IOS XE Software Release 16.1.1. Cisco Bug IDs: CSCvf71769." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103558" + }, + { + "name": "1040597", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040597" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xepriv", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xepriv" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0530.json b/2018/0xxx/CVE-2018-0530.json index 9ed3e7c7f38..5b941badff0 100644 --- a/2018/0xxx/CVE-2018-0530.json +++ b/2018/0xxx/CVE-2018-0530.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Garoon", - "version" : { - "version_data" : [ - { - "version_value" : "3.5.0 to 4.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Garoon", + "version": { + "version_data": [ + { + "version_value": "3.5.0 to 4.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/9326", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/9326" - }, - { - "name" : "JVN#65268217", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN65268217/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.cybozu.com/ja-jp/article/9326", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/9326" + }, + { + "name": "JVN#65268217", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN65268217/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0546.json b/2018/0xxx/CVE-2018-0546.json index 1c479834f5c..5c90f991ac2 100644 --- a/2018/0xxx/CVE-2018-0546.json +++ b/2018/0xxx/CVE-2018-0546.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WP All Import", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 3.4.6" - } - ] - } - } - ] - }, - "vendor_name" : "Soflyy" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WP All Import", + "version": { + "version_data": [ + { + "version_value": "prior to version 3.4.6" + } + ] + } + } + ] + }, + "vendor_name": "Soflyy" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://plugins.trac.wordpress.org/changeset/1742744/", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset/1742744/" - }, - { - "name" : "https://wordpress.org/plugins/wp-all-import/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/wp-all-import/#developers" - }, - { - "name" : "JVN#33527174", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN33527174/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in WP 
All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://plugins.trac.wordpress.org/changeset/1742744/", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/1742744/" + }, + { + "name": "https://wordpress.org/plugins/wp-all-import/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wp-all-import/#developers" + }, + { + "name": "JVN#33527174", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN33527174/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0705.json b/2018/0xxx/CVE-2018-0705.json index c0341647d32..fe492780769 100644 --- a/2018/0xxx/CVE-2018-0705.json +++ b/2018/0xxx/CVE-2018-0705.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Dezie", - "version" : { - "version_data" : [ - { - "version_value" : "8.0.2 to 8.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory traversal" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Dezie", + "version": { + "version_data": [ + { + "version_value": "8.0.2 to 8.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.cybozu.support/article/34089/", - "refsource" : "MISC", - "url" : "https://kb.cybozu.support/article/34089/" - }, - { - "name" : "JVN#16697622", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN16697622/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#16697622", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN16697622/index.html" + }, + { + "name": "https://kb.cybozu.support/article/34089/", + "refsource": "MISC", + "url": "https://kb.cybozu.support/article/34089/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16391.json b/2018/16xxx/CVE-2018-16391.json index 38cae0f0427..91d7d469f3c 100644 --- a/2018/16xxx/CVE-2018-16391.json +++ b/2018/16xxx/CVE-2018-16391.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-477b7a40136bb418b10ce271c8664536", - "refsource" : "MISC", - "url" : "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-477b7a40136bb418b10ce271c8664536" - }, - { - "name" : "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1", - "refsource" : "MISC", - "url" : "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1" - }, - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/", - "refsource" : "MISC", - "url" : "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-477b7a40136bb418b10ce271c8664536", + "refsource": "MISC", + "url": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-477b7a40136bb418b10ce271c8664536" + }, + { + "name": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1", + "refsource": "MISC", + "url": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1" + }, + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16925.json b/2018/16xxx/CVE-2018-16925.json index 36c79f6b267..007ed0adfe6 100644 --- a/2018/16xxx/CVE-2018-16925.json +++ b/2018/16xxx/CVE-2018-16925.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16925", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16925", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19210.json b/2018/19xxx/CVE-2018-19210.json index 88bb694d87f..4af76bb59e4 100644 --- a/2018/19xxx/CVE-2018-19210.json +++ b/2018/19xxx/CVE-2018-19210.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2820", - "refsource" : "MISC", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2820" - }, - { - "name" : "USN-3906-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3906-1/" - }, - { - "name" : "105932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In LibTIFF 4.0.9, 
there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105932" + }, + { + "name": "USN-3906-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3906-1/" + }, + { + "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2820", + "refsource": "MISC", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2820" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19344.json b/2018/19xxx/CVE-2018-19344.json index 9e46dec246e..1a5ef426913 100644 --- a/2018/19xxx/CVE-2018-19344.json +++ b/2018/19xxx/CVE-2018-19344.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The u3d plugin 9.3.0.10809 (aka plugins\\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a \"Data from Faulting Address may be used as a return value starting at U3DBrowser!PlugInMain+0x0000000000031a75\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html", - "refsource" : "MISC", - "url" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html" - }, - { - "name" : "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/", - "refsource" : "MISC", - "url" : "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The u3d plugin 9.3.0.10809 (aka plugins\\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a \"Data from Faulting Address may be used as a return value starting at U3DBrowser!PlugInMain+0x0000000000031a75\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html", + "refsource": "MISC", + "url": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html" + }, + { + "name": "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/", + "refsource": "MISC", + "url": "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4325.json b/2018/4xxx/CVE-2018-4325.json index 6875a38da70..27addb9044e 100644 --- a/2018/4xxx/CVE-2018-4325.json +++ b/2018/4xxx/CVE-2018-4325.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4325", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4325", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4420.json b/2018/4xxx/CVE-2018-4420.json index aa568e1878c..cbfecef79ed 100644 --- a/2018/4xxx/CVE-2018-4420.json +++ b/2018/4xxx/CVE-2018-4420.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4420", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4420", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4677.json b/2018/4xxx/CVE-2018-4677.json index c4476241257..c000e1c863a 100644 --- a/2018/4xxx/CVE-2018-4677.json +++ b/2018/4xxx/CVE-2018-4677.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4677", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4677", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4737.json b/2018/4xxx/CVE-2018-4737.json index 2aaa5dd6672..ccacbea211e 100644 --- a/2018/4xxx/CVE-2018-4737.json +++ b/2018/4xxx/CVE-2018-4737.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4737", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4737", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4835.json b/2018/4xxx/CVE-2018-4835.json index 6851e5b005f..e9bfa8eaaa3 100644 --- a/2018/4xxx/CVE-2018-4835.json +++ b/2018/4xxx/CVE-2018-4835.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-01-25T00:00:00", - "ID" : "CVE-2018-4835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TeleControl Server Basic", - "version" : { - "version_data" : [ - { - "version_value" : "All versions < V3.1" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287: Improper Authentication" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-01-25T00:00:00", + "ID": "CVE-2018-4835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TeleControl Server Basic", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.1" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf" - }, - { - "name" : "102894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102894" - }, - { - "name" : "102904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf", + "refsource": "CONFIRM", + "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf" + }, + { + "name": "102894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102894" + }, + { + "name": "102904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102904" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9847.json b/2019/9xxx/CVE-2019-9847.json new file mode 100644 index 00000000000..98bafffaebb --- /dev/null +++ b/2019/9xxx/CVE-2019-9847.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9847", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file