From 29782714e8d84773430271e71531ada38b646ba4 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 17 Mar 2019 23:32:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2004/1xxx/CVE-2004-1136.json | 130 ++++++------
2008/0xxx/CVE-2008-0200.json | 170 ++++++++--------
2008/0xxx/CVE-2008-0558.json | 130 ++++++------
2008/0xxx/CVE-2008-0868.json | 150 +++++++-------
2008/3xxx/CVE-2008-3150.json | 150 +++++++-------
2008/3xxx/CVE-2008-3365.json | 190 +++++++++---------
2008/4xxx/CVE-2008-4335.json | 160 +++++++--------
2008/4xxx/CVE-2008-4369.json | 150 +++++++-------
2008/4xxx/CVE-2008-4431.json | 150 +++++++-------
2008/4xxx/CVE-2008-4901.json | 150 +++++++-------
2013/2xxx/CVE-2013-2169.json | 34 ++--
2013/2xxx/CVE-2013-2184.json | 150 +++++++-------
2013/2xxx/CVE-2013-2277.json | 130 ++++++------
2013/3xxx/CVE-2013-3511.json | 140 ++++++-------
2013/6xxx/CVE-2013-6213.json | 130 ++++++------
2013/6xxx/CVE-2013-6228.json | 34 ++--
2013/6xxx/CVE-2013-6310.json | 130 ++++++------
2013/6xxx/CVE-2013-6375.json | 160 +++++++--------
2013/7xxx/CVE-2013-7176.json | 150 +++++++-------
2013/7xxx/CVE-2013-7270.json | 310 ++++++++++++++---------------
2017/10xxx/CVE-2017-10104.json | 152 +++++++-------
2017/14xxx/CVE-2017-14233.json | 34 ++--
2017/14xxx/CVE-2017-14410.json | 120 +++++------
2017/14xxx/CVE-2017-14633.json | 150 +++++++-------
2017/14xxx/CVE-2017-14868.json | 140 ++++++-------
2017/14xxx/CVE-2017-14935.json | 120 +++++------
2017/14xxx/CVE-2017-14973.json | 120 +++++------
2017/15xxx/CVE-2017-15197.json | 150 +++++++-------
2017/17xxx/CVE-2017-17458.json | 190 +++++++++---------
2017/17xxx/CVE-2017-17459.json | 140 ++++++-------
2017/9xxx/CVE-2017-9303.json | 130 ++++++------
2017/9xxx/CVE-2017-9488.json | 120 +++++------
2018/0xxx/CVE-2018-0205.json | 140 ++++++-------
2018/0xxx/CVE-2018-0676.json | 130 ++++++------
2018/0xxx/CVE-2018-0804.json | 142 ++++++-------
2018/0xxx/CVE-2018-0864.json | 140 ++++++-------
2018/0xxx/CVE-2018-0979.json | 220 ++++++++++----------
2018/1000xxx/CVE-2018-1000132.json | 144 +++++++-------
2018/1000xxx/CVE-2018-1000155.json | 126 ++++++------
2018/1000xxx/CVE-2018-1000413.json | 134 ++++++-------
2018/1000xxx/CVE-2018-1000622.json | 136 ++++++-------
2018/19xxx/CVE-2018-19244.json | 120 +++++------
2018/19xxx/CVE-2018-19364.json | 160 +++++++--------
2018/19xxx/CVE-2018-19810.json | 130 ++++++------
2018/19xxx/CVE-2018-19967.json | 150 +++++++-------
2018/4xxx/CVE-2018-4279.json | 34 ++--
2018/4xxx/CVE-2018-4975.json | 140 ++++++-------
47 files changed, 3255 insertions(+), 3255 deletions(-)
diff --git a/2004/1xxx/CVE-2004-1136.json b/2004/1xxx/CVE-2004-1136.json
index 2536c55538a..67ed1fbb1e6 100644
--- a/2004/1xxx/CVE-2004-1136.json
+++ b/2004/1xxx/CVE-2004-1136.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041129 CuteFTP 6.0 Professional Remote Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110182983622642&w=2" - }, - { - "name" : "cuteftp-reply-bo(18309)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cuteftp-reply-bo(18309)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18309" + }, + { + "name": "20041129 CuteFTP 6.0 Professional Remote Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110182983622642&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0200.json b/2008/0xxx/CVE-2008-0200.json index caef92ee724..0d88ee68f0e 100644 --- a/2008/0xxx/CVE-2008-0200.json +++ b/2008/0xxx/CVE-2008-0200.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485786/100/0/threaded" - }, - { - "name" : "20080103 securityvulns.com russian vulnerabilities digest", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" - }, - { - "name" : "http://securityvulns.ru/Sdocument625.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/Sdocument625.html" - }, - { - "name" : "http://websecurity.com.ua/1442/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/1442/" - }, - { - "name" : "27138", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/27138" - }, - { - "name" : "3539", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" + }, + { + "name": "http://websecurity.com.ua/1442/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/1442/" + }, + { + "name": "27138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27138" + }, + { + "name": "20080103 securityvulns.com russian vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded" + }, + { + "name": "3539", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3539" + }, + { + "name": "http://securityvulns.ru/Sdocument625.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/Sdocument625.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0558.json b/2008/0xxx/CVE-2008-0558.json index 91b9900671d..cdb8f39eb79 100644 --- a/2008/0xxx/CVE-2008-0558.json +++ b/2008/0xxx/CVE-2008-0558.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27560" - }, - { - "name" : "28735", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27560" + }, + { + "name": "28735", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28735" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0868.json b/2008/0xxx/CVE-2008-0868.json index 3df79a1b32e..b9c3cd4f8e1 100644 --- a/2008/0xxx/CVE-2008-0868.json +++ b/2008/0xxx/CVE-2008-0868.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA08-188.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/261" - }, - { - "name" : "ADV-2008-0613", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0613" - }, - { - "name" : "1019452", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019452" - }, - { - "name" : "29041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance 
Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019452", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019452" + }, + { + "name": "ADV-2008-0613", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0613" + }, + { + "name": "29041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29041" + }, + { + "name": "BEA08-188.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/261" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3150.json b/2008/3xxx/CVE-2008-3150.json index 537e81a6e4a..38ce0bfcd29 100644 --- a/2008/3xxx/CVE-2008-3150.json +++ b/2008/3xxx/CVE-2008-3150.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6018", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6018" - }, - { - "name" : "30123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30123" - }, - { - "name" : "30950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30950" - }, - { - "name" : "neutrino-index-code-execution(43616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "neutrino-index-code-execution(43616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43616" + }, + { + "name": "30950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30950" + }, + { + "name": "30123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30123" + }, + { + "name": "6018", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6018" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3365.json b/2008/3xxx/CVE-2008-3365.json index 95b006ba4f3..f4be9137c6b 100644 --- a/2008/3xxx/CVE-2008-3365.json +++ b/2008/3xxx/CVE-2008-3365.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080728 [DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494817/100/0/threaded" - }, - { - "name" : "6150", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6150" - }, - { - "name" : "http://www.pixelpost.org/blog/2008/07/27/pixelpost-171-security-patch", - "refsource" : "CONFIRM", - "url" : "http://www.pixelpost.org/blog/2008/07/27/pixelpost-171-security-patch" - }, - { - "name" : "30397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30397" - }, - { - "name" : "ADV-2008-2207", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/2207/references" - }, - { - "name" : "31239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31239" - }, - { - "name" : "4062", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4062" - }, - { - "name" : "pixelpost-languagefull-file-include(44031)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31239" + }, + { + "name": "20080728 [DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494817/100/0/threaded" + }, + { + "name": "pixelpost-languagefull-file-include(44031)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44031" + }, + { + "name": "4062", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4062" + }, + { + "name": "6150", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6150" + }, + { + "name": "http://www.pixelpost.org/blog/2008/07/27/pixelpost-171-security-patch", + "refsource": "CONFIRM", + "url": "http://www.pixelpost.org/blog/2008/07/27/pixelpost-171-security-patch" + }, + { + "name": "ADV-2008-2207", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2008/2207/references" + }, + { + "name": "30397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30397" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4335.json b/2008/4xxx/CVE-2008-4335.json index a367cb70d79..172c7601e77 100644 --- a/2008/4xxx/CVE-2008-4335.json +++ b/2008/4xxx/CVE-2008-4335.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6572", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6572" - }, - { - "name" : "6574", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6574" - }, - { - "name" : "31409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31409" - }, - { - "name" : "ADV-2008-2691", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2691" - }, - { - "name" : "atomicphotoalbum-album-sql-injection(45433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31409" + }, + { + "name": "ADV-2008-2691", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2691" + }, + { + "name": "6572", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6572" + }, + { + "name": "atomicphotoalbum-album-sql-injection(45433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45433" + }, + { + "name": "6574", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6574" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4369.json b/2008/4xxx/CVE-2008-4369.json index a4ceed74d9e..f3209bf26a3 100644 --- a/2008/4xxx/CVE-2008-4369.json +++ b/2008/4xxx/CVE-2008-4369.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6411", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6411" - }, - { - "name" : "31085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31085" - }, - { - "name" : "4330", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4330" - }, - { - "name" : "photoalbum-pics-sql-injection(45017)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31085" + }, + { + "name": "4330", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4330" + }, + { + "name": "6411", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6411" + }, + { + "name": "photoalbum-pics-sql-injection(45017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45017" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4431.json b/2008/4xxx/CVE-2008-4431.json index 4a1bdbfe0d1..50bffb6eb92 100644 --- a/2008/4xxx/CVE-2008-4431.json +++ b/2008/4xxx/CVE-2008-4431.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.xaos-ia.com/?topic=765", - "refsource" : "CONFIRM", - "url" : "http://forums.xaos-ia.com/?topic=765" - }, - { - "name" : "30656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30656" - }, - { - "name" : "31439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31439" - }, - { - "name" : "icebb-skin-sql-injection(44403)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31439" + }, + { + "name": "icebb-skin-sql-injection(44403)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44403" + }, + { + "name": "http://forums.xaos-ia.com/?topic=765", + "refsource": "CONFIRM", + "url": "http://forums.xaos-ia.com/?topic=765" + }, + { + "name": "30656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30656" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4901.json b/2008/4xxx/CVE-2008-4901.json index 48bad3c25ab..c8107d5e279 100644 --- a/2008/4xxx/CVE-2008-4901.json +++ b/2008/4xxx/CVE-2008-4901.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6912", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6912" - }, - { - "name" : "32030", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32030" - }, - { - "name" : "32519", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32519" - }, - { - "name" : "articlepublisherpro-admin-sql-injection(46373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands 
via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32030", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32030" + }, + { + "name": "6912", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6912" + }, + { + "name": "articlepublisherpro-admin-sql-injection(46373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46373" + }, + { + "name": "32519", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32519" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2169.json b/2013/2xxx/CVE-2013-2169.json index 99c6788a307..bfe60ef5c06 100644 --- a/2013/2xxx/CVE-2013-2169.json +++ b/2013/2xxx/CVE-2013-2169.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2169", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2169", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2184.json b/2013/2xxx/CVE-2013-2184.json index af2f6749fbb..5c392196902 100644 
--- a/2013/2xxx/CVE-2013-2184.json +++ b/2013/2xxx/CVE-2013-2184.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130613 CVE request: MovableType before 5.2.6", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q2/560" - }, - { - "name" : "[oss-security] 20130614 Re: CVE request: MovableType before 5.2.6", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q2/568" - }, - { - "name" : "https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html", - "refsource" : "MISC", - "url" : "https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html" - }, - { - "name" : "DSA-3183", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130614 Re: CVE request: MovableType before 5.2.6", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q2/568" + }, + { + "name": "https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html", + "refsource": "MISC", + "url": "https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html" + }, + { + "name": "[oss-security] 20130613 CVE request: MovableType before 5.2.6", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q2/560" + }, + { + "name": "DSA-3183", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3183" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2277.json b/2013/2xxx/CVE-2013-2277.json index 1cac3004520..8bb21c86264 100644 --- a/2013/2xxx/CVE-2013-2277.json +++ b/2013/2xxx/CVE-2013-2277.json 
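Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it is the only value that changes; everything else is spacing, indentation and reference order. The commit subject ("-Synchronized-Data.") does not mention a re-attribution, so anyone who attributes or filters records by assigning CNA gets a provenance change that is easy to miss in review. The commit message should list the re-attributed IDs, or the reformat should land separately from the data change. The same applies to the hunks for CVE-2013-6213 (`hp-security-alert@hp.com`), CVE-2013-6310 (`psirt@us.ibm.com`), CVE-2013-6375 (`secalert@redhat.com`) and CVE-2013-7176 (`cert@cert.org`).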
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a" - }, - { - "name" : "USN-1790-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1790-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in 
FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a" + }, + { + "name": "USN-1790-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1790-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3511.json b/2013/3xxx/CVE-2013-3511.json index 4e2c22eba8b..13cdae13a67 100644 --- a/2013/3xxx/CVE-2013-3511.json +++ b/2013/3xxx/CVE-2013-3511.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls", - "refsource" : "MISC", - "url" : "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt" - }, - { - "name" : "VU#345260", - "refsource" : "CERT-VN", - 
"url" : "http://www.kb.cert.org/vuls/id/345260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls", + "refsource": "MISC", + "url": "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt" + }, + { + "name": "VU#345260", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/345260" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6213.json b/2013/6xxx/CVE-2013-6213.json index 3d414ccbbfe..99c29abb00f 100644 --- a/2013/6xxx/CVE-2013-6213.json +++ b/2013/6xxx/CVE-2013-6213.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-6213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02935", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437" - }, - { - "name" : "SSRT101357", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101357", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437" + }, + { + "name": "HPSBMU02935", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6228.json b/2013/6xxx/CVE-2013-6228.json index 55dbebce103..633ddfaec8a 100644 --- a/2013/6xxx/CVE-2013-6228.json +++ b/2013/6xxx/CVE-2013-6228.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6228", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6228", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6310.json b/2013/6xxx/CVE-2013-6310.json index 4f005122751..cbb0a4541a2 100644 --- a/2013/6xxx/CVE-2013-6310.json +++ b/2013/6xxx/CVE-2013-6310.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676688", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676688" - }, - { - "name" : "ibm-marketing-cve20136310-xss(88560)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676688", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676688" + }, + { + "name": "ibm-marketing-cve20136310-xss(88560)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88560" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6375.json b/2013/6xxx/CVE-2013-6375.json index 3e4b40ab5c3..fabeeca6ff4 100644 --- a/2013/6xxx/CVE-2013-6375.json +++ b/2013/6xxx/CVE-2013-6375.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an \"inverted boolean parameter.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131120 Xen Security Advisory 78 - Insufficient TLB flushing in VT-d (iommu) code", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/20/3" - }, - { - "name" : "[oss-security] 20131121 Re: Xen Security Advisory 78 - Insufficient TLB flushing in VT-d (iommu) code", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/21/1" - }, - { - "name" : "GLSA-201407-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml" - }, - { - "name" : "openSUSE-SU-2013:1876", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html" - }, - { - "name" : "1029369", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an \"inverted boolean parameter.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201407-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml" + }, + { + "name": "[oss-security] 20131121 Re: Xen Security Advisory 78 - Insufficient TLB flushing in VT-d (iommu) code", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/21/1" + }, + { + "name": "1029369", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029369" + }, + { + "name": "openSUSE-SU-2013:1876", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html" + }, + { + "name": "[oss-security] 20131120 Xen Security Advisory 78 - Insufficient TLB flushing in VT-d (iommu) code", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/20/3" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7176.json b/2013/7xxx/CVE-2013-7176.json index ded016e629d..0dd27fbecc2 100644 --- a/2013/7xxx/CVE-2013-7176.json +++ b/2013/7xxx/CVE-2013-7176.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-7176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821", - "refsource" : "CONFIRM", - "url" : "https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821" - }, - { - "name" : "DSA-2979", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2979" - }, - { - "name" : "openSUSE-SU-2014:0348", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html" - }, - { - "name" : "VU#686662", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/686662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#686662", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/686662" + }, + { + "name": "openSUSE-SU-2014:0348", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html" + }, + { + "name": "DSA-2979", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2979" + }, + { + "name": "https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821", + "refsource": "CONFIRM", + "url": "https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7270.json b/2013/7xxx/CVE-2013-7270.json index 0dc1e8badc0..af7ffae5cda 100644 --- a/2013/7xxx/CVE-2013-7270.json +++ b/2013/7xxx/CVE-2013-7270.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131231 Re: CVE request: Linux kernel: net: memory leak in recvmsg handlermsg_name & msg_namelen logic", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/31/7" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4", - 
"refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039845", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039845" - }, - { - "name" : "https://github.com/torvalds/linux/commit/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c" - }, - { - "name" : "USN-2113-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2113-1" - }, - { - "name" : "USN-2117-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2117-1" - }, - { - "name" : "USN-2109-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2109-1" - }, - { - "name" : "USN-2110-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2110-1" - }, - { - "name" : "USN-2128-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2128-1" - }, - { - "name" : "USN-2129-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2129-1" - }, - { - "name" : "USN-2135-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2135-1" - }, - { - "name" : "USN-2136-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2136-1" - }, - { - "name" : "USN-2138-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2138-1" - }, - { - "name" : "USN-2139-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2139-1" - }, - { - "name" : "USN-2141-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2141-1" - }, - { - "name" : "64744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64744" - }, - { - "name" : "55882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55882" - }, - { - "name" : "56036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56036" 
- }, - { - "name" : "linux-kernel-cve20137270-info-disc(90131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2135-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2135-1" + }, + { + "name": "USN-2138-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2138-1" + }, + { + "name": "USN-2113-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2113-1" + }, + { + "name": "USN-2141-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2141-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1039845", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039845" + }, + { + "name": "USN-2110-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2110-1" + }, + { + "name": "USN-2129-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2129-1" + }, + { + "name": "USN-2136-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2136-1" + }, + { + "name": "USN-2128-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2128-1" + }, + { + "name": "linux-kernel-cve20137270-info-disc(90131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90131" 
+ }, + { + "name": "USN-2139-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2139-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4" + }, + { + "name": "USN-2117-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2117-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c" + }, + { + "name": "56036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56036" + }, + { + "name": "USN-2109-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2109-1" + }, + { + "name": "[oss-security] 20131231 Re: CVE request: Linux kernel: net: memory leak in recvmsg handlermsg_name & msg_namelen logic", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/31/7" + }, + { + "name": "https://github.com/torvalds/linux/commit/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c" + }, + { + "name": "64744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64744" + }, + { + "name": "55882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55882" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10104.json b/2017/10xxx/CVE-2017-10104.json index 8683baf0b79..21753a2fc24 100644 --- a/2017/10xxx/CVE-2017-10104.json +++ b/2017/10xxx/CVE-2017-10104.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java Advanced Management Console: 2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java Advanced Management Console: 2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170720-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170720-0001/" - }, - { - "name" : "99797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99797" - }, - { - "name" : "1038931", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Java Advanced Management Console. 
While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99797" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" + }, + { + "name": "1038931", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038931" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14233.json b/2017/14xxx/CVE-2017-14233.json index 3ac029fc16a..40c237896b6 100644 --- a/2017/14xxx/CVE-2017-14233.json +++ b/2017/14xxx/CVE-2017-14233.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14233", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14233", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/14xxx/CVE-2017-14410.json b/2017/14xxx/CVE-2017-14410.json index be43040ea0c..36f5b464eca 100644 --- a/2017/14xxx/CVE-2017-14410.json +++ b/2017/14xxx/CVE-2017-14410.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14633.json b/2017/14xxx/CVE-2017-14633.json index cd8c23abea6..da5d64468e3 100644 --- a/2017/14xxx/CVE-2017-14633.json +++ b/2017/14xxx/CVE-2017-14633.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180430 [SECURITY] [DLA 1368-1] libvorbis security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html" - }, - { - "name" : "https://gitlab.xiph.org/xiph/vorbis/issues/2329", - "refsource" : "MISC", - "url" : "https://gitlab.xiph.org/xiph/vorbis/issues/2329" - }, - { - "name" : "DSA-4113", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4113" - }, - { - "name" : "USN-3569-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3569-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3569-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3569-1/" + }, + { + "name": "DSA-4113", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4113" + }, + { + "name": "https://gitlab.xiph.org/xiph/vorbis/issues/2329", + "refsource": "MISC", + "url": "https://gitlab.xiph.org/xiph/vorbis/issues/2329" + }, + { + "name": "[debian-lts-announce] 20180430 [SECURITY] [DLA 1368-1] libvorbis security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14868.json b/2017/14xxx/CVE-2017-14868.json index bedd876c6bf..d1b3e3d1c87 100644 --- a/2017/14xxx/CVE-2017-14868.json +++ b/2017/14xxx/CVE-2017-14868.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/restlet/restlet-framework-java/issues/1286", - "refsource" : "MISC", - "url" : "https://github.com/restlet/restlet-framework-java/issues/1286" - }, - { - "name" : "https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements", - "refsource" : "MISC", - "url" : "https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements" - }, - { - "name" : "https://lgtm.com/blog/restlet_CVE-2017-14868", - "refsource" : "MISC", - "url" : "https://lgtm.com/blog/restlet_CVE-2017-14868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Restlet Framework 
before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements", + "refsource": "MISC", + "url": "https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements" + }, + { + "name": "https://lgtm.com/blog/restlet_CVE-2017-14868", + "refsource": "MISC", + "url": "https://lgtm.com/blog/restlet_CVE-2017-14868" + }, + { + "name": "https://github.com/restlet/restlet-framework-java/issues/1286", + "refsource": "MISC", + "url": "https://github.com/restlet/restlet-framework-java/issues/1286" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14935.json b/2017/14xxx/CVE-2017-14935.json index 2434e1805ab..414d96aa41c 100644 --- a/2017/14xxx/CVE-2017-14935.json +++ b/2017/14xxx/CVE-2017-14935.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40971", - "refsource" : "CONFIRM", - "url" : "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40971", + "refsource": "CONFIRM", + "url": "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40971" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14973.json b/2017/14xxx/CVE-2017-14973.json index 6419a320557..2ea4df69be1 100644 --- a/2017/14xxx/CVE-2017-14973.json +++ b/2017/14xxx/CVE-2017-14973.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973", - "refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15197.json b/2017/15xxx/CVE-2017-15197.json index a4f9aaa428d..67e309faf1a 100644 --- a/2017/15xxx/CVE-2017-15197.json +++ b/2017/15xxx/CVE-2017-15197.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/10/04/9", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/10/04/9" - }, - { - "name" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", - "refsource" : "MISC", - "url" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" - }, - { - "name" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", - "refsource" : "MISC", - "url" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" - }, - { - "name" : "https://kanboard.net/news/version-1.0.47", - "refsource" : "MISC", - "url" : "https://kanboard.net/news/version-1.0.47" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", + "refsource": "MISC", + "url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/10/04/9", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/10/04/9" + }, + { + "name": "https://kanboard.net/news/version-1.0.47", + "refsource": "MISC", + "url": "https://kanboard.net/news/version-1.0.47" + }, + { + "name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", + "refsource": "MISC", + "url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17458.json b/2017/17xxx/CVE-2017-17458.json index ea25652e8a0..e1226f20a34 100644 --- a/2017/17xxx/CVE-2017-17458.json +++ b/2017/17xxx/CVE-2017-17458.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171228 [SECURITY] [DLA 1224-1] mercurial security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html" - }, - { - "name" : "[debian-lts-announce] 20180705 [SECURITY] [DLA 1414-1] mercurial security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html" - }, - { - "name" : "[debian-lts-announce] 20180727 [SECURITY] [DLA 1414-2] mercurial regression update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html" - 
}, - { - "name" : "https://bz.mercurial-scm.org/show_bug.cgi?id=5730", - "refsource" : "MISC", - "url" : "https://bz.mercurial-scm.org/show_bug.cgi?id=5730" - }, - { - "name" : "https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html", - "refsource" : "MISC", - "url" : "https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html" - }, - { - "name" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29", - "refsource" : "MISC", - "url" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29" - }, - { - "name" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html", - "refsource" : "CONFIRM", - "url" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html" - }, - { - "name" : "102926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171228 [SECURITY] [DLA 1224-1] mercurial security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html" + }, + { + "name": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29", + "refsource": "MISC", + "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29" + }, + { + "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1414-2] mercurial regression update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html" + }, + { + "name": "[debian-lts-announce] 20180705 [SECURITY] [DLA 1414-1] mercurial security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html" + }, + { + "name": "https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html", + "refsource": "MISC", + "url": "https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html" + }, + { + "name": "102926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102926" + }, + { + "name": "https://bz.mercurial-scm.org/show_bug.cgi?id=5730", + "refsource": "MISC", + "url": "https://bz.mercurial-scm.org/show_bug.cgi?id=5730" + }, + { + "name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html", + "refsource": "CONFIRM", + "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17459.json b/2017/17xxx/CVE-2017-17459.json index adf722086ee..c158ae7465c 100644 --- a/2017/17xxx/CVE-2017-17459.json +++ b/2017/17xxx/CVE-2017-17459.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.opensuse.org/show_bug.cgi?id=1071709", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.opensuse.org/show_bug.cgi?id=1071709" - }, - { - "name" : "https://www.fossil-scm.org/xfer/doc/trunk/www/changes.wiki#v2_4", - "refsource" : "CONFIRM", - "url" : "https://www.fossil-scm.org/xfer/doc/trunk/www/changes.wiki#v2_4" - }, - { - "name" : "https://www.fossil-scm.org/xfer/info/1f63db591c77108c", - "refsource" : "CONFIRM", - "url" : "https://www.fossil-scm.org/xfer/info/1f63db591c77108c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.fossil-scm.org/xfer/info/1f63db591c77108c", + "refsource": "CONFIRM", + "url": "https://www.fossil-scm.org/xfer/info/1f63db591c77108c" + }, + { + "name": "https://www.fossil-scm.org/xfer/doc/trunk/www/changes.wiki#v2_4", + "refsource": "CONFIRM", + "url": "https://www.fossil-scm.org/xfer/doc/trunk/www/changes.wiki#v2_4" + }, + { + "name": "https://bugzilla.opensuse.org/show_bug.cgi?id=1071709", + "refsource": "CONFIRM", + "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1071709" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9303.json b/2017/9xxx/CVE-2017-9303.json index 2bf1b13eb1e..09581f13019 100644 --- a/2017/9xxx/CVE-2017-9303.json +++ b/2017/9xxx/CVE-2017-9303.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://laravel-news.com/laravel-5-4-22-is-now-released-and-includes-a-security-fix", - "refsource" : "CONFIRM", - "url" : "https://laravel-news.com/laravel-5-4-22-is-now-released-and-includes-a-security-fix" - }, - { - "name" : "98776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://laravel-news.com/laravel-5-4-22-is-now-released-and-includes-a-security-fix", + "refsource": "CONFIRM", + "url": "https://laravel-news.com/laravel-5-4-22-is-now-released-and-includes-a-security-fix" + }, + { + "name": "98776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98776" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9488.json b/2017/9xxx/CVE-2017-9488.json index 1a64f747b45..768e69b2384 100644 --- a/2017/9xxx/CVE-2017-9488.json +++ b/2017/9xxx/CVE-2017-9488.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded credentials. This wan0 interface cannot be accessed from the public Internet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-31.stb-remote-webui.txt", - "refsource" : "MISC", - "url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-31.stb-remote-webui.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware 
version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded credentials. This wan0 interface cannot be accessed from the public Internet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-31.stb-remote-webui.txt", + "refsource": "MISC", + "url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-31.stb-remote-webui.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0205.json b/2018/0xxx/CVE-2018-0205.json index fceaf66c4bb..3c9218c1dcf 100644 --- a/2018/0xxx/CVE-2018-0205.json +++ b/2018/0xxx/CVE-2018-0205.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Collaboration Provisioning Tool", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Collaboration Provisioning Tool" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by placing a malicious string in the Prime Collaboration Provisioning database. A successful exploit could allow the attacker to access Cisco Prime Collaboration Provisioning by injecting crafted data into the database. Cisco Bug IDs: CSCvd86609." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Collaboration Provisioning Tool", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Collaboration Provisioning Tool" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-pcpt1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-pcpt1" - }, - { - "name" : "103145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103145" - }, - { - "name" : "1040409", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by placing a malicious string in the Prime Collaboration Provisioning database. A successful exploit could allow the attacker to access Cisco Prime Collaboration Provisioning by injecting crafted data into the database. Cisco Bug IDs: CSCvd86609." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103145" + }, + { + "name": "1040409", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040409" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-pcpt1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-pcpt1" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0676.json b/2018/0xxx/CVE-2018-0676.json index a9119de6672..1d421e09bca 100644 --- a/2018/0xxx/CVE-2018-0676.json +++ b/2018/0xxx/CVE-2018-0676.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BN-SDWBP3", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.0.9 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Panasonic Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BN-SDWBP3", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.0.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Panasonic Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3", - "refsource" : "MISC", - "url" : "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3" - }, - { - "name" : "JVN#65082538", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN65082538/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to 
access to the management screen and execute an arbitrary command via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#65082538", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN65082538/index.html" + }, + { + "name": "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3", + "refsource": "MISC", + "url": "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0804.json b/2018/0xxx/CVE-2018-0804.json index 6e004e7fd83..883e1f3afe7 100644 --- a/2018/0xxx/CVE-2018-0804.json +++ b/2018/0xxx/CVE-2018-0804.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2018-0804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Equation Editor", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2018-0804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Equation Editor", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804" - }, - { - "name" : "102457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102457" - }, - { - "name" : "1040153", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102457" + }, + { + "name": "1040153", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040153" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0864.json b/2018/0xxx/CVE-2018-0864.json index 044661d3fe3..24729e76e30 100644 --- a/2018/0xxx/CVE-2018-0864.json +++ b/2018/0xxx/CVE-2018-0864.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2018-0864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka \"Microsoft SharePoint Information Disclosure Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0864", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0864" - }, - { - "name" : "102962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102962" - }, - { - "name" : "1040376", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure 
vulnerability due to how web requests are handled, aka \"Microsoft SharePoint Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0864", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0864" + }, + { + "name": "102962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102962" + }, + { + "name": "1040376", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040376" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0979.json b/2018/0xxx/CVE-2018-0979.json index 2ac31a85240..73710343776 100644 --- a/2018/0xxx/CVE-2018-0979.json +++ b/2018/0xxx/CVE-2018-0979.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-0979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1511 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1511 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1511 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1511 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0979", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0979" - }, - { - "name" : "103625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103625" - }, - { - "name" : "1040650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103625" + }, + { + "name": "1040650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040650" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0979", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0979" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000132.json b/2018/1000xxx/CVE-2018-1000132.json index bc31f533946..6cbb7a77f72 100644 --- a/2018/1000xxx/CVE-2018-1000132.json +++ b/2018/1000xxx/CVE-2018-1000132.json 
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/23/2018 11:20:58", - "ID" : "CVE-2018-1000132", - "REQUESTER" : "gregory.szorc@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mercurial", - "version" : { - "version_data" : [ - { - "version_value" : "4.5 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Mercurial" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control (CWE-285)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/23/2018 11:20:58", + "ID": "CVE-2018-1000132", + "REQUESTER": "gregory.szorc@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180330 [SECURITY] [DLA 1331-1] mercurial security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html" - }, - { - "name" : "[debian-lts-announce] 20180705 [SECURITY] [DLA 1414-1] mercurial security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html" 
- }, - { - "name" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29", - "refsource" : "CONFIRM", - "url" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180330 [SECURITY] [DLA 1331-1] mercurial security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html" + }, + { + "name": "[debian-lts-announce] 20180705 [SECURITY] [DLA 1414-1] mercurial security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html" + }, + { + "name": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29", + "refsource": "CONFIRM", + "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000155.json b/2018/1000xxx/CVE-2018-1000155.json index 935fc0149f4..40499b8fc11 100644 --- a/2018/1000xxx/CVE-2018-1000155.json +++ b/2018/1000xxx/CVE-2018-1000155.json 
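Review bot: The new side of CVE-2018-1000132.json sets the structured `affects` and `problemtype` values to `"n/a"`, while the description still names Mercurial 4.5 and earlier and CWE-285. Scanners and triage tooling that match on these fields rather than the free text can then no longer tie the record to a product, a version range or a weakness class. I would keep the old-side values `"product_name": "Mercurial"`, `"version_value": "4.5 and earlier"` and `"value": "Incorrect Access Control (CWE-285)"`, together with the Mercurial vendor name. `ASSIGNER` also changes from the distributedweaknessfiling.org address to `cve@mitre.org`; this is presumably an intended normalisation, but it drops the record of who assigned the ID, so it is worth confirming. The CVE-2018-1000155 hunk that begins on this same line shows the same `"n/a"` replacement in its `affects` block, though that hunk runs past the visible text.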
@@ -1,65 +1,65 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "kurt@seifried.org",
- "DATE_ASSIGNED" : "2018-05-18T21:46:02.318830",
- "DATE_REQUESTED" : "2018-04-03T08:28:21",
- "ID" : "CVE-2018-1000155",
- "REQUESTER" : "kash@sect.tu-berlin.de",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "OpenFlow",
- "version" : {
- "version_data" : [
- {
- "version_value" : "1.0 onwards"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "OpenFlow"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Denial of Service and Improper authorization"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "DATE_ASSIGNED": "2018-05-18T21:46:02.318830",
+ "DATE_REQUESTED": "2018-04-03T08:28:21",
+ "ID": "CVE-2018-1000155",
+ "REQUESTER": "kash@sect.tu-berlin.de",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://users.sec.t-labs.tu-berlin.de/~hashkash/openflow/BrianOnosSecurityRequest.pdf",
- "refsource" : "MISC",
- "url" : "http://users.sec.t-labs.tu-berlin.de/~hashkash/openflow/BrianOnosSecurityRequest.pdf"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://users.sec.t-labs.tu-berlin.de/~hashkash/openflow/BrianOnosSecurityRequest.pdf",
+ "refsource": "MISC",
+ "url": "http://users.sec.t-labs.tu-berlin.de/~hashkash/openflow/BrianOnosSecurityRequest.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1000xxx/CVE-2018-1000413.json b/2018/1000xxx/CVE-2018-1000413.json
index a78808b0f04..92a42ccd89a 100644
--- a/2018/1000xxx/CVE-2018-1000413.json
+++ b/2018/1000xxx/CVE-2018-1000413.json
@@ -1,69 +1,69 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "kurt@seifried.org",
- "DATE_ASSIGNED" : "2018-12-28T04:34:37.680270",
- "ID" : "CVE-2018-1000413",
- "REQUESTER" : "ml@beckweb.net",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Jenkins Config File Provider Plugin",
- "version" : {
- "version_data" : [
- {
- "version_value" : "3.1 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Jenkins project"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-79"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "DATE_ASSIGNED": "2018-12-28T04:34:37.680270",
+ "ID": "CVE-2018-1000413",
+ "REQUESTER": "ml@beckweb.net",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080",
- "refsource" : "CONFIRM",
- "url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080"
- },
- {
- "name" : "106532",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106532"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106532",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106532"
+ },
+ {
+ "name": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080",
+ "refsource": "CONFIRM",
+ "url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1000xxx/CVE-2018-1000622.json b/2018/1000xxx/CVE-2018-1000622.json
index fcf6c1afae5..25f2fc50bb3 100644
--- a/2018/1000xxx/CVE-2018-1000622.json
+++ b/2018/1000xxx/CVE-2018-1000622.json
@@ -1,70 +1,70 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "kurt@seifried.org",
- "DATE_ASSIGNED" : "2018-07-08T15:52:41.203289",
- "DATE_REQUESTED" : "2018-07-06T20:31:25",
- "ID" : "CVE-2018-1000622",
- "REQUESTER" : "steve@steveklabnik.com",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "rustdoc",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Between 0.8 and 1.27.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "The Rust Programming Language"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-427: Uncontrolled Search Path Element"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "DATE_ASSIGNED": "2018-07-08T15:52:41.203289",
+ "DATE_REQUESTED": "2018-07-06T20:31:25",
+ "ID": "CVE-2018-1000622",
+ "REQUESTER": "steve@steveklabnik.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://groups.google.com/forum/#!topic/rustlang-security-announcements/4ybxYLTtXuM",
- "refsource" : "CONFIRM",
- "url" : "https://groups.google.com/forum/#!topic/rustlang-security-announcements/4ybxYLTtXuM"
- },
- {
- "name" : "GLSA-201812-11",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201812-11"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "GLSA-201812-11",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201812-11"
+ },
+ {
+ "name": "https://groups.google.com/forum/#!topic/rustlang-security-announcements/4ybxYLTtXuM",
+ "refsource": "CONFIRM",
+ "url": "https://groups.google.com/forum/#!topic/rustlang-security-announcements/4ybxYLTtXuM"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19244.json b/2018/19xxx/CVE-2018-19244.json
index c1aca99abcb..02451029344 100644
--- a/2018/19xxx/CVE-2018-19244.json
+++ b/2018/19xxx/CVE-2018-19244.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19244",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a \"Charles Settings.xml\" file from an attacker, an intranet network may be accessed and information may be leaked."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19244",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://whitehatck01.blogspot.com/2018/11/charles-427-xml-external-entity.html",
- "refsource" : "MISC",
- "url" : "https://whitehatck01.blogspot.com/2018/11/charles-427-xml-external-entity.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a \"Charles Settings.xml\" file from an attacker, an intranet network may be accessed and information may be leaked."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://whitehatck01.blogspot.com/2018/11/charles-427-xml-external-entity.html",
+ "refsource": "MISC",
+ "url": "https://whitehatck01.blogspot.com/2018/11/charles-427-xml-external-entity.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19364.json b/2018/19xxx/CVE-2018-19364.json
index dc8b4e3ccad..1408b97e916 100644
--- a/2018/19xxx/CVE-2018-19364.json
+++ b/2018/19xxx/CVE-2018-19364.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19364",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19364",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20181120 CVE-2018-19364 Qemu: 9pfs: Use-after-free due to race condition while updating fid path",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2018/11/20/1"
- },
- {
- "name" : "[qemu-devel] 20181107 [PATCH] 9p: write lock path in v9fs_co_open2()",
- "refsource" : "MLIST",
- "url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html"
- },
- {
- "name" : "[qemu-devel] 20181115 [PATCH] 9p: take write lock on fid path updates",
- "refsource" : "MLIST",
- "url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html"
- },
- {
- "name" : "[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
- },
- {
- "name" : "USN-3826-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3826-1/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
+ },
+ {
+ "name": "[qemu-devel] 20181107 [PATCH] 9p: write lock path in v9fs_co_open2()",
+ "refsource": "MLIST",
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html"
+ },
+ {
+ "name": "USN-3826-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3826-1/"
+ },
+ {
+ "name": "[oss-security] 20181120 CVE-2018-19364 Qemu: 9pfs: Use-after-free due to race condition while updating fid path",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2018/11/20/1"
+ },
+ {
+ "name": "[qemu-devel] 20181115 [PATCH] 9p: take write lock on fid path updates",
+ "refsource": "MLIST",
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19810.json b/2018/19xxx/CVE-2018-19810.json
index 7fa287f44d5..606c93cb89b 100644
--- a/2018/19xxx/CVE-2018-19810.json
+++ b/2018/19xxx/CVE-2018-19810.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19810",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/GroupMove.jsp\" has reflected XSS via the ConnPoolName, GroupId, or type parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19810",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2018/Dec/20"
- },
- {
- "name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/GroupMove.jsp\" has reflected XSS via the ConnPoolName, GroupId, or type parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
+ },
+ {
+ "name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2018/Dec/20"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19967.json b/2018/19xxx/CVE-2018-19967.json
index 59d85a5d6b2..5120297efa3 100644
--- a/2018/19xxx/CVE-2018-19967.json
+++ b/2018/19xxx/CVE-2018-19967.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19967",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19967",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://xenbits.xen.org/xsa/advisory-282.html",
- "refsource" : "MISC",
- "url" : "https://xenbits.xen.org/xsa/advisory-282.html"
- },
- {
- "name" : "https://support.citrix.com/article/CTX239432",
- "refsource" : "CONFIRM",
- "url" : "https://support.citrix.com/article/CTX239432"
- },
- {
- "name" : "DSA-4369",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2019/dsa-4369"
- },
- {
- "name" : "106182",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106182"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://xenbits.xen.org/xsa/advisory-282.html",
+ "refsource": "MISC",
+ "url": "https://xenbits.xen.org/xsa/advisory-282.html"
+ },
+ {
+ "name": "https://support.citrix.com/article/CTX239432",
+ "refsource": "CONFIRM",
+ "url": "https://support.citrix.com/article/CTX239432"
+ },
+ {
+ "name": "DSA-4369",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2019/dsa-4369"
+ },
+ {
+ "name": "106182",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106182"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4279.json b/2018/4xxx/CVE-2018-4279.json
index 16842b9d19d..d77b68ff697 100644
--- a/2018/4xxx/CVE-2018-4279.json
+++ b/2018/4xxx/CVE-2018-4279.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4279",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4279",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4975.json b/2018/4xxx/CVE-2018-4975.json
index add6af1c508..ed92794b6e2 100644
--- a/2018/4xxx/CVE-2018-4975.json
+++ b/2018/4xxx/CVE-2018-4975.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-4975",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Out-of-bounds read"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-4975",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
- "refsource" : "MISC",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
- },
- {
- "name" : "104175",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104175"
- },
- {
- "name" : "1040920",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040920"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
+ },
+ {
+ "name": "1040920",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040920"
+ },
+ {
+ "name": "104175",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104175"
+ }
+ ]
+ }
+}
\ No newline at end of file