diff --git a/2008/0xxx/CVE-2008-0459.json b/2008/0xxx/CVE-2008-0459.json index 79b01cc752f..2e790b7774d 100644 --- a/2008/0xxx/CVE-2008-0459.json +++ b/2008/0xxx/CVE-2008-0459.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4976", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4976" - }, - { - "name" : "27425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27425" - }, - { - "name" : "ADV-2008-0309", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0309" - }, - { - "name" : "28619", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28619" - }, - { - "name" : "liquidsilvercms-index-file-include(39895)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4976", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4976" + }, + { + "name": "27425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27425" + }, + { + "name": "liquidsilvercms-index-file-include(39895)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39895" + }, + { + "name": "28619", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28619" + }, + { + "name": "ADV-2008-0309", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0309" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0999.json b/2008/0xxx/CVE-2008-0999.json index fea7b54f71d..6d278898af5 100644 --- a/2008/0xxx/CVE-2008-0999.json +++ b/2008/0xxx/CVE-2008-0999.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "TA08-079A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" - }, - { - "name" : "28389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28389" - }, - { - "name" : "28304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28304" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "1019669", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019669" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "macos-udf-dos(41280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28304" + }, + { + "name": "TA08-079A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "1019669", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019669" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "macos-udf-dos(41280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41280" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "28389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28389" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1295.json b/2008/1xxx/CVE-2008-1295.json index 261d6625f8d..d1db2ca539d 100644 --- a/2008/1xxx/CVE-2008-1295.json +++ b/2008/1xxx/CVE-2008-1295.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5231", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5231" - }, - { - "name" : "28189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28189" - }, - { - "name" : "phpmynewsletter-archives-sql-injection(41197)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpmynewsletter-archives-sql-injection(41197)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41197" + }, + { + "name": "5231", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5231" + }, + { + "name": "28189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28189" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1343.json b/2008/1xxx/CVE-2008-1343.json index 300f682296e..c665623f244 100644 --- a/2008/1xxx/CVE-2008-1343.json +++ b/2008/1xxx/CVE-2008-1343.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SCOSA-2008.1", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt" - }, - { - "name" : "28236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28236" - }, - { - "name" : "ADV-2008-0871", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0871" - }, - { - "name" : "29370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29370" - }, - { - "name" : "sco-unixware-pkgadd-privilege-escalation(41200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sco-unixware-pkgadd-privilege-escalation(41200)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41200" + }, + { + "name": "SCOSA-2008.1", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt" + }, + { + "name": "29370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29370" + }, + { + "name": "28236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28236" + }, + { + "name": "ADV-2008-0871", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0871" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1592.json b/2008/1xxx/CVE-2008-1592.json index 9cefee792ff..b7557e92405 100644 --- a/2008/1xxx/CVE-2008-1592.json +++ b/2008/1xxx/CVE-2008-1592.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to \"Pathway panels.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21297035", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21297035" - }, - { - "name" : "28235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28235" - }, - { - "name" : "29360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29360" - }, - { - "name" : "ADV-2008-0869", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0869" - }, - { - "name" : "1019610", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to \"Pathway panels.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29360" + }, + { + "name": "ADV-2008-0869", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0869" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21297035", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21297035" + }, + { + "name": "1019610", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019610" + }, + { + "name": "28235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28235" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1669.json b/2008/1xxx/CVE-2008-1669.json index 5c6bd8bc64d..bc3494fb290 100644 --- a/2008/1xxx/CVE-2008-1669.json +++ b/2008/1xxx/CVE-2008-1669.json @@ -1,282 +1,282 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain \"re-ordered access to the descriptor table.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-1669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080507 rPSA-2008-0162-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491740/100/0/threaded" - }, - { - "name" : "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000023.html" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.2" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0162", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0162" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2518", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2518" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4" - }, - { - "name" : "DSA-1575", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1575" - }, - { - "name" : "FEDORA-2008-3873", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html" - }, - { - "name" : "FEDORA-2008-3949", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.html" - }, - { - "name" : "FEDORA-2008-4043", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.html" - }, - { - "name" : "MDVSA-2008:105", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105" - }, - { - "name" : "MDVSA-2008:167", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167" - }, - { - "name" : "MDVSA-2008:104", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:104" - }, - { - "name" : "RHSA-2008:0211", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0211.html" - }, - { - "name" : "RHSA-2008:0233", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0233.html" - }, - { - "name" : "RHSA-2008:0237", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0237.html" - }, - { - "name" : "SUSE-SA:2008:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html" - }, - { - "name" : "SUSE-SA:2008:032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html" - }, - { - "name" : "SUSE-SA:2008:035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html" - }, - { - "name" : "SUSE-SA:2008:038", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html" - }, - { - "name" : "USN-614-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/614-1/" - }, - { - "name" : "USN-618-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-618-1" - }, - { - "name" : "29076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29076" - }, - { - "name" : "oval:org.mitre.oval:def:10065", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10065" - }, - { - "name" : "30982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30982" - }, - { - "name" : "ADV-2008-1451", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1451/references" - }, - { - "name" : "ADV-2008-1452", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1452/references" - }, - { - "name" : "ADV-2008-2222", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2222/references" - }, - { - "name" : "1019974", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019974" - }, - { - "name" : "30077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30077" - }, - { - "name" : "30108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30108" - }, - { - "name" : "30260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30260" - }, - { - "name" : "30276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30276" - }, - { - "name" : "30252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30252" - }, - { - "name" : "30164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30164" - }, - { - "name" : "30515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30515" - }, - { - "name" : "30769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30769" - }, - { - "name" : "30818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30818" - }, - { - "name" : "30962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30962" - }, - { - "name" : "31246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31246" - }, - { - "name" : "30101", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30101" - }, - { - "name" : "30110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30110" - }, - { - "name" : "30112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30112" - }, - { - "name" : "30116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30116" - }, - { - "name" : "linux-kernel-fcntlsetlk-dos(42242)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain \"re-ordered access to the descriptor table.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30276" + }, + { + "name": "30962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30962" + }, + { + "name": "SUSE-SA:2008:038", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html" + }, + { + "name": "20080507 rPSA-2008-0162-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491740/100/0/threaded" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.2" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2518", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2518" + }, + { + "name": "SUSE-SA:2008:035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html" + }, + { + "name": "RHSA-2008:0237", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0237.html" + }, + { + "name": "ADV-2008-1451", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1451/references" + }, + { + "name": "ADV-2008-1452", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1452/references" + }, + { + "name": "MDVSA-2008:167", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167" + }, + { + "name": "USN-618-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-618-1" + }, + { + "name": "30982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30982" + }, + { + "name": "29076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29076" + }, + { + "name": "30116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30116" + }, + { + "name": "RHSA-2008:0233", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0233.html" + }, + { + "name": "30110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30110" + }, + { + "name": "DSA-1575", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1575" + }, + { + "name": "oval:org.mitre.oval:def:10065", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10065" + }, + { + "name": "FEDORA-2008-3873", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html" + }, + { + "name": "ADV-2008-2222", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2222/references" + }, + { + "name": "30515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30515" + }, + { + "name": "USN-614-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/614-1/" + }, + { + "name": "1019974", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019974" + }, + { + "name": "MDVSA-2008:105", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105" + }, + { + "name": "30101", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30101" + }, + { + "name": "30164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30164" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0162", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0162" + }, + { + "name": "30108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30108" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4" + }, + { + "name": "30252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30252" + }, + { + "name": "FEDORA-2008-4043", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.html" + }, + { + "name": "RHSA-2008:0211", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0211.html" + }, + { + "name": "FEDORA-2008-3949", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.html" + }, + { + "name": "30769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30769" + }, + { + "name": "30077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30077" + }, + { + "name": "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000023.html" + }, + { + "name": "linux-kernel-fcntlsetlk-dos(42242)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42242" + }, + { + "name": "MDVSA-2008:104", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:104" + }, + { + "name": "30260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30260" + }, + { + "name": "SUSE-SA:2008:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html" + }, + { + "name": "31246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31246" + }, + { + "name": "30818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30818" + }, + { + "name": "30112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30112" + }, + { + "name": "SUSE-SA:2008:032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1719.json b/2008/1xxx/CVE-2008-1719.json index cede7d189f9..8139e9770f3 100644 --- a/2008/1xxx/CVE-2008-1719.json +++ b/2008/1xxx/CVE-2008-1719.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mrzayas.es/2008/04/07/xsrf-en-nuke-et-3x/", - "refsource" : "MISC", - "url" : "http://www.mrzayas.es/2008/04/07/xsrf-en-nuke-et-3x/" - }, - { - "name" : "29651", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29651" - }, - { - "name" : "nukeet-multiple-unspecified-csrf(41851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29651" + }, + { + "name": "http://www.mrzayas.es/2008/04/07/xsrf-en-nuke-et-3x/", + "refsource": "MISC", + "url": "http://www.mrzayas.es/2008/04/07/xsrf-en-nuke-et-3x/" + }, + { + "name": "nukeet-multiple-unspecified-csrf(41851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41851" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1795.json b/2008/1xxx/CVE-2008-1795.json index 1f625fc539c..955172f398d 100644 --- a/2008/1xxx/CVE-2008-1795.json +++ b/2008/1xxx/CVE-2008-1795.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490096/100/0/threaded" - }, - { - "name" : "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/", - "refsource" : "MISC", - "url" : "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/" - }, - { - "name" : "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite", - "refsource" : "MISC", - "url" : "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite" - }, - { - "name" : "28455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28455" - }, - { - "name" : "1019710", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019710" - }, - { - "name" : "29543", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29543" - }, - { - "name" : "3810", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3810" - }, - { - "name" : "blackboard-searchtext-xss(41478)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite", + "refsource": "MISC", + "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite" + }, + { + "name": "1019710", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019710" + }, + { + "name": "3810", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3810" + }, + { + "name": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/", + "refsource": "MISC", + "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/" + }, + { + "name": "29543", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29543" + }, + { + "name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded" + }, + { + "name": "28455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28455" + }, + { + "name": "blackboard-searchtext-xss(41478)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41478" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1876.json b/2008/1xxx/CVE-2008-1876.json index 51f27b835b3..91c985810c7 100644 --- a/2008/1xxx/CVE-2008-1876.json +++ b/2008/1xxx/CVE-2008-1876.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5375", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5375" - }, - { - "name" : "ADV-2008-1127", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1127/references" - }, - { - "name" : "visualpic-index-file-include(41667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5375", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5375" + }, + { + "name": "visualpic-index-file-include(41667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41667" + }, + { + "name": "ADV-2008-1127", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1127/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4133.json b/2008/4xxx/CVE-2008-4133.json index 40cba2d2ee8..6d7ee9786f8 100644 --- a/2008/4xxx/CVE-2008-4133.json +++ b/2008/4xxx/CVE-2008-4133.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496072/100/0/threaded" - }, - { - "name" : "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html" - }, - { - "name" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808", - "refsource" : "MISC", - "url" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808" - }, - { - "name" : "31050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31050" - }, - { - "name" : "1020825", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020825" - }, - { - "name" : "31767", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31767" - }, - { - "name" : "4276", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4276" - }, - { - "name" : "dlink-dir100-webproxyfilter-security-bypass(44961)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31050" + }, + { + "name": "31767", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31767" + }, + { + "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html" + }, + { + "name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808", + "refsource": "MISC", + "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808" + }, + { + "name": "4276", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4276" + }, + { + "name": "dlink-dir100-webproxyfilter-security-bypass(44961)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961" + }, + { + "name": "1020825", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020825" + }, + { + "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496072/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4746.json b/2008/4xxx/CVE-2008-4746.json index d20a5b5a1c1..9bf942dec02 100644 --- a/2008/4xxx/CVE-2008-4746.json +++ b/2008/4xxx/CVE-2008-4746.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.uniwin.com/eCart_revisions.asp", - "refsource" : "CONFIRM", - "url" : "http://www.uniwin.com/eCart_revisions.asp" - }, - { - "name" : "31545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31545" - }, - { - "name" : "uniwinecart-search-cartutil-sql-injection(44609)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31545" + }, + { + "name": "uniwinecart-search-cartutil-sql-injection(44609)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44609" + }, + { + "name": "http://www.uniwin.com/eCart_revisions.asp", + "refsource": "CONFIRM", + "url": "http://www.uniwin.com/eCart_revisions.asp" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4821.json b/2008/4xxx/CVE-2008-4821.json index 8b4da92377b..75da946f550 100644 --- a/2008/4xxx/CVE-2008-4821.json +++ b/2008/4xxx/CVE-2008-4821.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-20.html" - }, - { - "name" : "http://support.apple.com/kb/HT3338", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3338" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=" - }, - { - "name" : "APPLE-SA-2008-12-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" - }, - { - "name" : "GLSA-200903-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml" - }, - { - "name" : "RHSA-2008:0980", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0980.html" - }, - { - "name" : "248586", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" - }, - { - "name" : "TA08-350A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" - }, - { - "name" : "32129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32129" - }, - { - "name" : "34226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34226" - }, - { - "name" : "ADV-2008-3444", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3444" - }, - { - "name" : "1021149", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021149" - }, - { - "name" : "32702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32702" - }, - { - "name" : "33179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33179" - }, - { - "name" : "33390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33390" - }, - { - "name" : "adobe-flash-jar-information-disclosure(46534)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=" + }, + { + "name": "32129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32129" + }, + { + "name": "33390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33390" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" + }, + { + "name": "ADV-2008-3444", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3444" + }, + { + "name": "32702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32702" + }, + { + "name": "TA08-350A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html" + }, + { + "name": "33179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33179" + }, + { + "name": "34226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34226" + }, + { + "name": "adobe-flash-jar-information-disclosure(46534)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46534" + }, + { + "name": "GLSA-200903-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" + }, + { + "name": "http://support.apple.com/kb/HT3338", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3338" + }, + { + "name": "RHSA-2008:0980", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm" + }, + { + "name": "APPLE-SA-2008-12-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" + }, + { + "name": "248586", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" + }, + { + "name": "1021149", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021149" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5064.json b/2008/5xxx/CVE-2008-5064.json index 9b4fe5ed497..380b9eb53a5 100644 --- a/2008/5xxx/CVE-2008-5064.json +++ b/2008/5xxx/CVE-2008-5064.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0810-exploits/hhwebsoccer-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0810-exploits/hhwebsoccer-sql.txt" - }, - { - "name" : "31963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31963" - }, - { - "name" : "32422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32422" - }, - { - "name" : "websoccer-liga-sql-injection(46164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32422" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0810-exploits/hhwebsoccer-sql.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0810-exploits/hhwebsoccer-sql.txt" + }, + { + "name": "websoccer-liga-sql-injection(46164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46164" + }, + { + "name": "31963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31963" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5546.json b/2008/5xxx/CVE-2008-5546.json index e65c1bcfa84..0df2aeb9d38 100644 --- a/2008/5xxx/CVE-2008-5546.json +++ b/2008/5xxx/CVE-2008-5546.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded" - }, - { - "name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded" - }, - { - "name" : "4723", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4723" - }, - { - "name" : "multiple-antivirus-mzheader-code-execution(47435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "multiple-antivirus-mzheader-code-execution(47435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" + }, + { + "name": "4723", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4723" + }, + { + "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded" + }, + { + "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5673.json b/2008/5xxx/CVE-2008-5673.json index f276d9f4d3d..4d7b8920296 100644 --- a/2008/5xxx/CVE-2008-5673.json +++ b/2008/5xxx/CVE-2008-5673.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=575358", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=575358" - }, - { - "name" : "28847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28847" - }, - { - "name" : "phparanoid-membersarea-security-bypass(40516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phparanoid-membersarea-security-bypass(40516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40516" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=575358", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=575358" + }, + { + "name": "28847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28847" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3315.json b/2013/3xxx/CVE-2013-3315.json index cc38957015f..cae9dd15d66 100644 --- a/2013/3xxx/CVE-2013-3315.json +++ b/2013/3xxx/CVE-2013-3315.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/mk/advisory.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/mk/advisory.jsp" - }, - { - "name" : "http://www.tibco.com/multimedia/silver-mobile-advisory-2013-05-08_tcm8-18595.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/silver-mobile-advisory-2013-05-08_tcm8-18595.txt" - }, - { - "name" : "http://www.tibco.com/services/support/advisories/silver-mobile-advisory_20130508.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/services/support/advisories/silver-mobile-advisory_20130508.jsp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories/silver-mobile-advisory_20130508.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories/silver-mobile-advisory_20130508.jsp" + }, + { + "name": "http://www.tibco.com/mk/advisory.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/mk/advisory.jsp" + }, + { + "name": "http://www.tibco.com/multimedia/silver-mobile-advisory-2013-05-08_tcm8-18595.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/silver-mobile-advisory-2013-05-08_tcm8-18595.txt" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3659.json b/2013/3xxx/CVE-2013-3659.json index 0cfb1acdccb..ec41fbb8a27 100644 --- a/2013/3xxx/CVE-2013-3659.json +++ b/2013/3xxx/CVE-2013-3659.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-3659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN44035194/995312/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN44035194/995312/index.html" - }, - { - "name" : "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility", - "refsource" : "CONFIRM", - "url" : "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility" - }, - { - "name" : "JVN#44035194", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN44035194/index.html" - }, - { - "name" : "JVNDB-2013-000075", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000075" - }, - { - "name" : "docomooverseasusage-wifi-info-disclosure(86361)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility", + "refsource": "CONFIRM", + "url": "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility" + }, + { + "name": "JVN#44035194", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN44035194/index.html" + }, + { + "name": "http://jvn.jp/en/jp/JVN44035194/995312/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN44035194/995312/index.html" + }, + { + "name": "JVNDB-2013-000075", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000075" + }, + { + "name": "docomooverseasusage-wifi-info-disclosure(86361)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86361" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4359.json b/2013/4xxx/CVE-2013-4359.json index 95f4e416658..6f193f2c878 100644 --- a/2013/4xxx/CVE-2013-4359.json +++ b/2013/4xxx/CVE-2013-4359.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130916 Re: CVE request: proftpd: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/17/6" - }, - { - "name" : "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/", - "refsource" : "MISC", - "url" : "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/" - }, - { - "name" : "http://bugs.proftpd.org/show_bug.cgi?id=3973", - "refsource" : "CONFIRM", - "url" : "http://bugs.proftpd.org/show_bug.cgi?id=3973" - }, - { - "name" : "DSA-2767", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2767" - }, - { - "name" : "openSUSE-SU-2013:1563", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html" - }, - { - "name" : "openSUSE-SU-2015:1031", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/", + "refsource": "MISC", + "url": "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/" + }, + { + "name": "[oss-security] 20130916 Re: CVE request: proftpd: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/17/6" + }, + { + "name": "DSA-2767", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2767" + }, + { + "name": "openSUSE-SU-2015:1031", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html" + }, + { + "name": "openSUSE-SU-2013:1563", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html" + }, + { + "name": "http://bugs.proftpd.org/show_bug.cgi?id=3973", + "refsource": "CONFIRM", + "url": "http://bugs.proftpd.org/show_bug.cgi?id=3973" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4376.json b/2013/4xxx/CVE-2013-4376.json index 51b7eecb9a0..9fdc6090f74 100644 --- a/2013/4xxx/CVE-2013-4376.json +++ b/2013/4xxx/CVE-2013-4376.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[X2Go-Announcement] 20130519 X2Go Server (4.0.0.2) released", - "refsource" : "MLIST", - "url" : "https://lists.berlios.de/pipermail/x2go-announcement/2013-May/000125.html" - }, - { - "name" : "[oss-security] 20130925 Re: CVE request: X2Go server", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/25/11" - }, - { - "name" : "http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=42264c88d7885474ebe3763b2991681ddfcfa69a", - "refsource" : "CONFIRM", - "url" : "http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=42264c88d7885474ebe3763b2991681ddfcfa69a" - }, - { - "name" : "GLSA-201310-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201310-19.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201310-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201310-19.xml" + }, + { + "name": "http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=42264c88d7885474ebe3763b2991681ddfcfa69a", + "refsource": "CONFIRM", + "url": "http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=42264c88d7885474ebe3763b2991681ddfcfa69a" + }, + { + "name": "[oss-security] 20130925 Re: CVE request: X2Go server", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/25/11" + }, + { + "name": "[X2Go-Announcement] 20130519 X2Go Server (4.0.0.2) released", + "refsource": "MLIST", + "url": "https://lists.berlios.de/pipermail/x2go-announcement/2013-May/000125.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4378.json b/2013/4xxx/CVE-2013-4378.json index 3da4e20f17a..cdbf030cb65 100644 --- a/2013/4xxx/CVE-2013-4378.json +++ b/2013/4xxx/CVE-2013-4378.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130926 Re: CVE request: Javamelody blind XSS through X-Forwarded-For header", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q3/679" - }, - { - "name" : "https://code.google.com/p/javamelody/issues/detail?id=346", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/javamelody/issues/detail?id=346" - }, - { - "name" : "https://code.google.com/p/javamelody/source/detail?r=3515", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/javamelody/source/detail?r=3515" - }, - { - "name" : "https://code.google.com/p/javamelody/wiki/ReleaseNotes", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/javamelody/wiki/ReleaseNotes" - }, - { - "name" : "62679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62679" - }, - { - "name" : "97778", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130926 Re: CVE request: Javamelody blind XSS through X-Forwarded-For header", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q3/679" + }, + { + "name": "https://code.google.com/p/javamelody/source/detail?r=3515", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/javamelody/source/detail?r=3515" + }, + { + "name": "https://code.google.com/p/javamelody/wiki/ReleaseNotes", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/javamelody/wiki/ReleaseNotes" + }, + { + "name": "62679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62679" + }, + { + "name": "https://code.google.com/p/javamelody/issues/detail?id=346", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/javamelody/issues/detail?id=346" + }, + { + "name": "97778", + "refsource": "OSVDB", + "url": "http://osvdb.org/97778" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4466.json b/2013/4xxx/CVE-2013-4466.json index b132be9ef4e..76b44715d44 100644 --- a/2013/4xxx/CVE-2013-4466.json +++ b/2013/4xxx/CVE-2013-4466.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[gnutls-devel] 20131023 gnutls 3.1.15", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049" - }, - { - "name" : "[gnutls-devel] 20131023 gnutls 3.2.5", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050" - }, - { - "name" : "[oss-security] 20131024 Re: CVE Request: gnutls/libdane buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/25/2" - }, - { - "name" : "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3", - "refsource" : "CONFIRM", - "url" : "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131024 Re: CVE Request: gnutls/libdane buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/25/2" + }, + { + "name": "[gnutls-devel] 20131023 gnutls 3.2.5", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050" + }, + { + "name": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3", + "refsource": "CONFIRM", + "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3" + }, + { + "name": "[gnutls-devel] 20131023 gnutls 3.1.15", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6425.json b/2013/6xxx/CVE-2013-6425.json index 659c3766e05..a8461ce5db7 100644 --- a/2013/6xxx/CVE-2013-6425.json +++ b/2013/6xxx/CVE-2013-6425.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Pixman] 20131110 [ANNOUNCE] pixman release 0.32.0 now available", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/pixman/2013-November/003109.html" - }, - { - "name" : "[oss-security] 20131203 CVE Request: xorg-server and pixman", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/03/8" - }, - { - "name" : "[oss-security] 20131204 Re: CVE Request: xorg-server and pixman", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/04/8" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=67484", - "refsource" : "MISC", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=67484" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921" - }, - { - "name" : "http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c" - }, - { - "name" : "DSA-2823", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2823" - }, - { - "name" : "RHSA-2013:1869", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1869.html" - }, - { - "name" : "openSUSE-SU-2014:0007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00001.html" - }, - { - "name" : "openSUSE-SU-2014:0011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00005.html" - }, - { - "name" : "openSUSE-SU-2014:0014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00008.html" - }, - { - "name" : "openSUSE-SU-2014:0145", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00097.html" - }, - { - "name" : "USN-2047-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2047-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1869", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1869.html" + }, + { + "name": "USN-2047-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2047-1" + }, + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=67484", + "refsource": "MISC", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=67484" + }, + { + "name": "[Pixman] 20131110 [ANNOUNCE] pixman release 0.32.0 now available", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/pixman/2013-November/003109.html" + }, + { + "name": "[oss-security] 20131204 Re: CVE Request: xorg-server and pixman", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/04/8" + }, + { + "name": "openSUSE-SU-2014:0011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00005.html" + }, + { + "name": "openSUSE-SU-2014:0014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00008.html" + }, + { + "name": "openSUSE-SU-2014:0145", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00097.html" + }, + { + "name": "DSA-2823", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2823" + }, + { + "name": "http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c" + }, + { + "name": "openSUSE-SU-2014:0007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00001.html" + }, + { + "name": "[oss-security] 20131203 CVE Request: xorg-server and pixman", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/03/8" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6966.json b/2013/6xxx/CVE-2013-6966.json index e5b7d653807..86d38395c19 100644 --- a/2013/6xxx/CVE-2013-6966.json +++ b/2013/6xxx/CVE-2013-6966.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149" - }, - { - "name" : "20131212 Cisco WebEx Training Center Open Redirect Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966" - }, - { - "name" : "100909", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100909" - }, - { - "name" : "1029492", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029492" - }, - { - "name" : "cisco-webex-cve20136966-open-redirect(89686)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029492", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029492" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149" + }, + { + "name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966" + }, + { + "name": "cisco-webex-cve20136966-open-redirect(89686)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89686" + }, + { + "name": "100909", + "refsource": "OSVDB", + "url": "http://osvdb.org/100909" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6968.json b/2013/6xxx/CVE-2013-6968.json index b164a471391..e68deb130f6 100644 --- a/2013/6xxx/CVE-2013-6968.json +++ b/2013/6xxx/CVE-2013-6968.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32147", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32147" - }, - { - "name" : "20131212 Cisco WebEx Training Center Registered Attendee Email Enumeration Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6968" - }, - { - "name" : "100913", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100913" - }, - { - "name" : "1029492", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029492" - }, - { - "name" : "cisco-webex-cve20136968-info-disc(89688)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029492", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029492" + }, + { + "name": "100913", + "refsource": "OSVDB", + "url": "http://osvdb.org/100913" + }, + { + "name": "20131212 Cisco WebEx Training Center Registered Attendee Email Enumeration Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6968" + }, + { + "name": "cisco-webex-cve20136968-info-disc(89688)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89688" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32147", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32147" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6998.json b/2013/6xxx/CVE-2013-6998.json index eea3b9a05a6..229c8b356ed 100644 --- a/2013/6xxx/CVE-2013-6998.json +++ b/2013/6xxx/CVE-2013-6998.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6998", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-6870. Reason: This candidate is a duplicate of CVE-2013-6870. Notes: All CVE users should reference CVE-2013-6870 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6998", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-6870. Reason: This candidate is a duplicate of CVE-2013-6870. Notes: All CVE users should reference CVE-2013-6870 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7287.json b/2013/7xxx/CVE-2013-7287.json index 2652dfa6837..6886d519910 100644 --- a/2013/7xxx/CVE-2013-7287.json +++ b/2013/7xxx/CVE-2013-7287.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7287", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7287", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7332.json b/2013/7xxx/CVE-2013-7332.json index 5758c69c4dd..76a0a3f7f71 100644 --- a/2013/7xxx/CVE-2013-7332.json +++ b/2013/7xxx/CVE-2013-7332.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/", - "refsource" : "MISC", - "url" : "https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/", + "refsource": "MISC", + "url": "https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10371.json b/2017/10xxx/CVE-2017-10371.json index f7054fcfaf3..836b850a86a 100644 --- a/2017/10xxx/CVE-2017-10371.json +++ b/2017/10xxx/CVE-2017-10371.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10371", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10371", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10439.json b/2017/10xxx/CVE-2017-10439.json index 0b9f31a94f8..7e7f99fb6e3 100644 --- a/2017/10xxx/CVE-2017-10439.json +++ b/2017/10xxx/CVE-2017-10439.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10439", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10439", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10592.json b/2017/10xxx/CVE-2017-10592.json index 283e1bf382c..840bcb111e3 100644 --- a/2017/10xxx/CVE-2017-10592.json +++ b/2017/10xxx/CVE-2017-10592.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10781.json b/2017/10xxx/CVE-2017-10781.json index fba1dbd78a0..d0e4583d6b1 100644 --- a/2017/10xxx/CVE-2017-10781.json +++ b/2017/10xxx/CVE-2017-10781.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByName+0x00000000000000a5.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByName+0x00000000000000a5.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10856.json b/2017/10xxx/CVE-2017-10856.json index 9133ae2acd2..da3f48bee22 100644 --- a/2017/10xxx/CVE-2017-10856.json +++ b/2017/10xxx/CVE-2017-10856.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SEIL/X", - "version" : { - "version_data" : [ - { - "version_value" : "4.60 to 5.72" - } - ] - } - }, - { - "product_name" : "SEIL/B1", - "version" : { - "version_data" : [ - { - "version_value" : "4.60 to 5.72" - } - ] - } - }, - { - "product_name" : "SEIL/x86", - "version" : { - "version_data" : [ - { - "version_value" : "3.20 to 5.72" - } - ] - } - }, - { - "product_name" : "SEIL/BPV4", - "version" : { - "version_data" : [ - { - "version_value" : "5.00 to 5.72" - } - ] - } - } - ] - }, - "vendor_name" : "Internet Initiative Japan Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL/BPV4 5.00 to 5.72 allows remote attackers to cause a temporary failure of the device's encrypted communications via a specially crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial-of-service (DoS)" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SEIL/X", + "version": { + "version_data": [ + { + "version_value": "4.60 to 5.72" + } + ] + } + }, + { + "product_name": "SEIL/B1", + "version": { + "version_data": [ + { + "version_value": "4.60 to 5.72" + } + ] + } + }, + { + "product_name": "SEIL/x86", + "version": { + "version_data": [ + { + "version_value": "3.20 to 5.72" + } + ] + } + }, + { + "product_name": "SEIL/BPV4", + "version": { + "version_data": [ + { + "version_value": "5.00 to 5.72" + } + ] + } + } + ] + }, + "vendor_name": "Internet Initiative Japan Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.seil.jp/support/security/a01811.html", - "refsource" : "MISC", - "url" : "http://www.seil.jp/support/security/a01811.html" - }, - { - "name" : "JVN#76692689", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN76692689/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL/BPV4 5.00 to 5.72 allows remote attackers to cause a temporary failure of the device's encrypted communications via a specially crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#76692689", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN76692689/index.html" + }, + { + "name": "http://www.seil.jp/support/security/a01811.html", + "refsource": "MISC", + "url": "http://www.seil.jp/support/security/a01811.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12407.json b/2017/12xxx/CVE-2017-12407.json index dd96d613a94..8a55d4f8e55 100644 --- a/2017/12xxx/CVE-2017-12407.json +++ b/2017/12xxx/CVE-2017-12407.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12407", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12407", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13249.json b/2017/13xxx/CVE-2017-13249.json index 302308b1233..c0fa9840162 100644 --- a/2017/13xxx/CVE-2017-13249.json +++ b/2017/13xxx/CVE-2017-13249.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-13249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-13249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-03-01" - }, - { - "name" : "103255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103255" + }, + { + "name": "https://source.android.com/security/bulletin/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-03-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13312.json b/2017/13xxx/CVE-2017-13312.json index 776c616b4e1..ff43ad53db9 100644 --- a/2017/13xxx/CVE-2017-13312.json +++ b/2017/13xxx/CVE-2017-13312.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13312", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13312", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13791.json b/2017/13xxx/CVE-2017-13791.json index 783a61b416e..b9397b650a1 100644 --- a/2017/13xxx/CVE-2017-13791.json +++ b/2017/13xxx/CVE-2017-13791.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43176", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43176/" - }, - { - "name" : "https://support.apple.com/HT208219", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208219" - }, - { - "name" : "https://support.apple.com/HT208222", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208222" - }, - { - "name" : "https://support.apple.com/HT208223", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208223" - }, - { - "name" : "https://support.apple.com/HT208224", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208224" - }, - { - "name" : "https://support.apple.com/HT208225", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208225" - }, - { - "name" : "GLSA-201712-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201712-01" - }, - { - "name" : "1039703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208225", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208225" + }, + { + "name": "https://support.apple.com/HT208222", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208222" + }, + { + "name": "43176", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43176/" + }, + { + "name": "https://support.apple.com/HT208219", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208219" + }, + { + "name": "https://support.apple.com/HT208224", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208224" + }, + { + "name": "GLSA-201712-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-01" + }, + { + "name": "1039703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039703" + }, + { + "name": "https://support.apple.com/HT208223", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208223" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13870.json b/2017/13xxx/CVE-2017-13870.json index 69a5b8f844f..15dc34f2b0e 100644 --- a/2017/13xxx/CVE-2017-13870.json +++ b/2017/13xxx/CVE-2017-13870.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208324", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208324" - }, - { - "name" : "https://support.apple.com/HT208326", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208326" - }, - { - "name" : "https://support.apple.com/HT208327", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208327" - }, - { - "name" : "https://support.apple.com/HT208328", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208328" - }, - { - "name" : "https://support.apple.com/HT208334", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208334" - }, - { - "name" : "GLSA-201801-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-09" - }, - { - "name" : "102181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102181" - }, - { - "name" : "1040012", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040012" - }, - { - "name" : "1040013", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102181" + }, + { + "name": "1040013", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040013" + }, + { + "name": "https://support.apple.com/HT208327", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208327" + }, + { + "name": "1040012", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040012" + }, + { + "name": "https://support.apple.com/HT208334", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208334" + }, + { + "name": "https://support.apple.com/HT208324", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208324" + }, + { + "name": "https://support.apple.com/HT208326", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208326" + }, + { + "name": "GLSA-201801-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-09" + }, + { + "name": "https://support.apple.com/HT208328", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208328" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13946.json b/2017/13xxx/CVE-2017-13946.json index 9ce121ad6ae..24398e147b0 100644 --- a/2017/13xxx/CVE-2017-13946.json +++ b/2017/13xxx/CVE-2017-13946.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13946", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13946", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17127.json b/2017/17xxx/CVE-2017-17127.json index 8be8aed9e84..5a98da12c40 100644 --- a/2017/17xxx/CVE-2017-17127.json +++ b/2017/17xxx/CVE-2017-17127.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1099", - "refsource" : "MISC", - "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.libav.org/show_bug.cgi?id=1099", + "refsource": "MISC", + "url": "https://bugzilla.libav.org/show_bug.cgi?id=1099" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17467.json b/2017/17xxx/CVE-2017-17467.json index ba2db998ed5..8f3ace3d4b6 100644 --- a/2017/17xxx/CVE-2017-17467.json +++ b/2017/17xxx/CVE-2017-17467.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82730074." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730074", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82730074." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730074", + "refsource": "MISC", + "url": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730074" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17696.json b/2017/17xxx/CVE-2017-17696.json index 6266234b73d..3539f8bd52a 100644 --- a/2017/17xxx/CVE-2017-17696.json +++ b/2017/17xxx/CVE-2017-17696.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Techno-Portfolio-Management-Panel.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Techno-Portfolio-Management-Panel.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Techno-Portfolio-Management-Panel.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Techno-Portfolio-Management-Panel.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17700.json b/2017/17xxx/CVE-2017-17700.json index daca96a55f1..c6d3b8b5ac9 100644 --- a/2017/17xxx/CVE-2017-17700.json +++ b/2017/17xxx/CVE-2017-17700.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mmmxny/K7-Antivirus/tree/master/cve1", - "refsource" : "MISC", - "url" : "https://github.com/mmmxny/K7-Antivirus/tree/master/cve1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mmmxny/K7-Antivirus/tree/master/cve1", + "refsource": "MISC", + "url": "https://github.com/mmmxny/K7-Antivirus/tree/master/cve1" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17860.json b/2017/17xxx/CVE-2017-17860.json index 5070cff9a5b..158ce18c5fe 100644 --- a/2017/17xxx/CVE-2017-17860.json +++ b/2017/17xxx/CVE-2017-17860.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2018-01-16T00:00:00", - "ID" : "CVE-2017-17860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2018-01-16T00:00:00", + "ID": "CVE-2017-17860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM", - "refsource" : "MISC", - "url" : "https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM", + "refsource": "MISC", + "url": "https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9012.json b/2017/9xxx/CVE-2017-9012.json index 03c38f5a8b7..c6682ded9c6 100644 --- a/2017/9xxx/CVE-2017-9012.json +++ b/2017/9xxx/CVE-2017-9012.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9012", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9012", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9078.json b/2017/9xxx/CVE-2017-9078.json index cfc88629724..4e71e55383a 100644 --- a/2017/9xxx/CVE-2017-9078.json +++ b/2017/9xxx/CVE-2017-9078.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html", - "refsource" : "CONFIRM", - "url" : "http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html" - }, - { - "name" : "DSA-3859", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3859" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3859", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3859" + }, + { + "name": "http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html", + "refsource": "CONFIRM", + "url": "http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9825.json b/2017/9xxx/CVE-2017-9825.json index 94dd5ddfed2..4f51b49dc85 100644 --- a/2017/9xxx/CVE-2017-9825.json +++ b/2017/9xxx/CVE-2017-9825.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9825", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9825", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0505.json b/2018/0xxx/CVE-2018-0505.json index 8f168906e3a..11594fb0136 100644 --- a/2018/0xxx/CVE-2018-0505.json +++ b/2018/0xxx/CVE-2018-0505.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "DATE_PUBLIC" : "2018-09-20T21:18:00.000Z", - "ID" : "CVE-2018-0505", - "STATE" : "PUBLIC", - "TITLE" : "BotPasswords can bypass CentralAuth's account lock" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mediawiki", - "version" : { - "version_data" : [ - { - "version_value" : "before 1.31.1, 1.30.1, 1.29.3 and 1.27.5" - } - ] - } - } - ] - }, - "vendor_name" : "mediawiki" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "DATE_PUBLIC": "2018-09-20T21:18:00.000Z", + "ID": "CVE-2018-0505", + "STATE": "PUBLIC", + "TITLE": "BotPasswords can bypass CentralAuth's account lock" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mediawiki", + "version": { + "version_data": [ + { + "version_value": "before 1.31.1, 1.30.1, 1.29.3 and 1.27.5" + } + ] + } + } + ] + }, + "vendor_name": "mediawiki" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html" - }, - { - "name" : "https://phabricator.wikimedia.org/T194605", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T194605" - }, - { - "name" : "DSA-4301", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4301" - }, - { - "name" : "1041695", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041695" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html" + }, + { + "name": "https://phabricator.wikimedia.org/T194605", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T194605" + }, + { + "name": "1041695", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041695" + }, + { + "name": "DSA-4301", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4301" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0531.json b/2018/0xxx/CVE-2018-0531.json index 63cb92b1103..1f389ef5e7a 100644 --- a/2018/0xxx/CVE-2018-0531.json +++ b/2018/0xxx/CVE-2018-0531.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Garoon", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0 to 4.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to restrict access" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Garoon", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 4.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/9349", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/9349" - }, - { - "name" : "JVN#65268217", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN65268217/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.cybozu.com/ja-jp/article/9349", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/9349" + }, + { + "name": "JVN#65268217", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN65268217/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0597.json b/2018/0xxx/CVE-2018-0597.json index 2f37ae8e1dc..b7ff9903fd0 100644 --- a/2018/0xxx/CVE-2018-0597.json +++ b/2018/0xxx/CVE-2018-0597.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The installer of Visual Studio Code", - "version" : { - "version_data" : [ - { - "version_value" : "" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installer of Visual Studio Code", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", - "refsource" : "MISC", - "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" - }, - { - "name" : "JVN#91151862", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN91151862/index.html" - }, - { - "name" : "104563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", + "refsource": "MISC", + "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "name": "JVN#91151862", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN91151862/index.html" + }, + { + "name": "104563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104563" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0793.json b/2018/0xxx/CVE-2018-0793.json index a80bae07efc..8ecb9354017 100644 --- a/2018/0xxx/CVE-2018-0793.json +++ b/2018/0xxx/CVE-2018-0793.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2018-0793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Outlook", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0791." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2018-0793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Outlook", + "version": { + "version_data": [ + { + "version_value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793" - }, - { - "name" : "102375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102375" - }, - { - "name" : "1040154", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0791." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040154", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040154" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793" + }, + { + "name": "102375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102375" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18631.json b/2018/18xxx/CVE-2018-18631.json index 41a1c6dfec5..17d51bfcfec 100644 --- a/2018/18xxx/CVE-2018-18631.json +++ b/2018/18xxx/CVE-2018-18631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18707.json b/2018/18xxx/CVE-2018-18707.json index 581dd2ef777..2b29fb06d8e 100644 --- a/2018/18xxx/CVE-2018-18707.json +++ b/2018/18xxx/CVE-2018-18707.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the \"ssid\" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-07/Tenda.md", - "refsource" : "MISC", - "url" : "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-07/Tenda.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the \"ssid\" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-07/Tenda.md", + "refsource": "MISC", + "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-07/Tenda.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18732.json b/2018/18xxx/CVE-2018-18732.json index ddf9bedbef5..2e87b52aaa0 100644 --- a/2018/18xxx/CVE-2018-18732.json +++ b/2018/18xxx/CVE-2018-18732.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack2.md", - "refsource" : "MISC", - "url" : "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack2.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack2.md", + "refsource": "MISC", + "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack2.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19195.json b/2018/19xxx/CVE-2018-19195.json index 780628cc378..c9a4b55d7fc 100644 --- a/2018/19xxx/CVE-2018-19195.json +++ b/2018/19xxx/CVE-2018-19195.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in XiaoCms 20141229. There is XSS related to the template\\default\\show_product.html file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/XiaoCms/blob/master/XSS.md#xss2", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/XiaoCms/blob/master/XSS.md#xss2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in XiaoCms 20141229. There is XSS related to the template\\default\\show_product.html file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/XiaoCms/blob/master/XSS.md#xss2", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/XiaoCms/blob/master/XSS.md#xss2" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19261.json b/2018/19xxx/CVE-2018-19261.json index a68b7777baf..0395c4ce219 100644 --- a/2018/19xxx/CVE-2018-19261.json +++ b/2018/19xxx/CVE-2018-19261.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19261", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19261", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19295.json b/2018/19xxx/CVE-2018-19295.json index 61668eeb2a2..17864661bfc 100644 --- a/2018/19xxx/CVE-2018-19295.json +++ b/2018/19xxx/CVE-2018-19295.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sylabs/singularity/releases/tag/2.6.1", - "refsource" : "CONFIRM", - "url" : "https://github.com/sylabs/singularity/releases/tag/2.6.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sylabs/singularity/releases/tag/2.6.1", + "refsource": "CONFIRM", + "url": "https://github.com/sylabs/singularity/releases/tag/2.6.1" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1177.json b/2018/1xxx/CVE-2018-1177.json index de86becfa83..d2c53e03548 100644 --- a/2018/1xxx/CVE-2018-1177.json +++ b/2018/1xxx/CVE-2018-1177.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-1177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5488." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-1177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-315", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-315" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5488." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-315", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-315" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1239.json b/2018/1xxx/CVE-2018-1239.json index bc7dcb76b07..a1610ac237d 100644 --- a/2018/1xxx/CVE-2018-1239.json +++ b/2018/1xxx/CVE-2018-1239.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-05-03T00:00:00", - "ID" : "CVE-2018-1239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Unity Operating Environment (OE)", - "version" : { - "version_data" : [ - { - "version_value" : "versions prior to 4.3.0.1522077968" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS command injection vulnerabilities" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-05-03T00:00:00", + "ID": "CVE-2018-1239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Unity Operating Environment (OE)", + "version": { + "version_data": [ + { + "version_value": "versions prior to 4.3.0.1522077968" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180503 DSA-2018-063: Dell EMC Unity Family OS Command Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/15" - }, - { - "name" : "104092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180503 DSA-2018-063: Dell EMC Unity Family OS Command Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/15" + }, + { + "name": "104092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104092" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1296.json b/2018/1xxx/CVE-2018-1296.json index ef6dccd117a..e46f56f9b9d 100644 --- a/2018/1xxx/CVE-2018-1296.json +++ b/2018/1xxx/CVE-2018-1296.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2019-01-24T00:00:00", - "ID" : "CVE-2018-1296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Hadoop", - "version" : { - "version_data" : [ - { - "version_value" : "Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, 2.5.0 to 2.7.5" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2019-01-24T00:00:00", + "ID": "CVE-2018-1296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Hadoop", + "version": { + "version_data": [ + { + "version_value": "Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, 2.5.0 to 2.7.5" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E", - "refsource" : "MISC", - "url" : "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E" - }, - { - "name" : "106764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106764" + }, + { + "name": "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E", + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1447.json b/2018/1xxx/CVE-2018-1447.json index e7905013856..cbd38caace6 100644 --- a/2018/1xxx/CVE-2018-1447.json +++ b/2018/1xxx/CVE-2018-1447.json @@ -1,153 +1,153 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-03-29T00:00:00", - "ID" : "CVE-2018-1447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Protect", - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "8.1" - } - ] - } - }, - { - "product_name" : "Spectrum Protect Snapshot", - "version" : { - "version_data" : [ - { - "version_value" : "4.1.3" - }, - { - "version_value" : "4.1.4" - }, - { - "version_value" : "4.1.6" - } - ] - } - }, - { - "product_name" : "Spectrum Protect for Virtual Environments", - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "8.1" - } - ] - } - }, - { - "product_name" : "Spectrum Protect for Space Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "L", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.100", - "UI" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-03-29T00:00:00", + "ID": "CVE-2018-1447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect", + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "8.1" + } + ] + } + }, + { + "product_name": "Spectrum Protect Snapshot", + "version": { + "version_data": [ + { + "version_value": "4.1.3" + }, + { + "version_value": "4.1.4" + }, + { + "version_value": "4.1.6" + } + ] + } + }, + { + "product_name": "Spectrum Protect for Virtual Environments", + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "8.1" + } + ] + } + }, + { + "product_name": "Spectrum Protect for Space Management", + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139972", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139972" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22014669", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014669" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22014957", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014957" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015066", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015066" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015071", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015071" - }, - { - "name" : "104511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104511" - }, - { - "name" : "1041012", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "L", + "C": "H", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "5.100", + "UI": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22015066", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22015066" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22014957", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22014957" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139972", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139972" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22015071", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22015071" + }, + { + "name": "104511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104511" + }, + { + "name": "1041012", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041012" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22014669", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22014669" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1590.json b/2018/1xxx/CVE-2018-1590.json index 010588fec39..812caa3e87b 100644 --- a/2018/1xxx/CVE-2018-1590.json +++ b/2018/1xxx/CVE-2018-1590.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1590", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1590", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1639.json b/2018/1xxx/CVE-2018-1639.json index a99b63ffa6f..c481163b75c 100644 --- a/2018/1xxx/CVE-2018-1639.json +++ b/2018/1xxx/CVE-2018-1639.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-11-14T00:00:00", - "ID" : "CVE-2018-1639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jazz Reporting Service", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "L", - "S" : "U", - "SCORE" : "4.300", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-11-14T00:00:00", + "ID": "CVE-2018-1639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jazz Reporting Service", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731727", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731727" - }, - { - "name" : "ibm-jazz-cve20181639-info-disc(144579)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "N", + "PR": "L", + "S": "U", + "SCORE": "4.300", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10731727", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10731727" + }, + { + "name": "ibm-jazz-cve20181639-info-disc(144579)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144579" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1958.json b/2018/1xxx/CVE-2018-1958.json index 4eff9146030..66631c13149 100644 --- a/2018/1xxx/CVE-2018-1958.json +++ b/2018/1xxx/CVE-2018-1958.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1958", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1958", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file