From 2a3bd7fb694cd7708ec2247f4b97f06bb1748d50 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:53:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0194.json | 140 +++++++-------- 2001/0xxx/CVE-2001-0838.json | 120 ++++++------- 2008/0xxx/CVE-2008-0144.json | 160 ++++++++--------- 2008/0xxx/CVE-2008-0210.json | 130 +++++++------- 2008/0xxx/CVE-2008-0222.json | 140 +++++++-------- 2008/0xxx/CVE-2008-0556.json | 180 +++++++++---------- 2008/1xxx/CVE-2008-1036.json | 260 +++++++++++++-------------- 2008/1xxx/CVE-2008-1699.json | 160 ++++++++--------- 2008/1xxx/CVE-2008-1700.json | 130 +++++++------- 2008/5xxx/CVE-2008-5062.json | 180 +++++++++---------- 2008/5xxx/CVE-2008-5073.json | 150 ++++++++-------- 2008/5xxx/CVE-2008-5617.json | 170 +++++++++--------- 2008/5xxx/CVE-2008-5780.json | 140 +++++++-------- 2013/0xxx/CVE-2013-0096.json | 140 +++++++-------- 2013/0xxx/CVE-2013-0382.json | 130 +++++++------- 2013/0xxx/CVE-2013-0431.json | 320 ++++++++++++++++----------------- 2013/0xxx/CVE-2013-0462.json | 120 ++++++------- 2013/0xxx/CVE-2013-0579.json | 130 +++++++------- 2013/3xxx/CVE-2013-3210.json | 130 +++++++------- 2013/3xxx/CVE-2013-3593.json | 120 ++++++------- 2013/3xxx/CVE-2013-3668.json | 34 ++-- 2013/4xxx/CVE-2013-4118.json | 170 +++++++++--------- 2013/4xxx/CVE-2013-4167.json | 150 ++++++++-------- 2013/4xxx/CVE-2013-4443.json | 34 ++-- 2013/4xxx/CVE-2013-4869.json | 130 +++++++------- 2013/6xxx/CVE-2013-6911.json | 160 ++++++++--------- 2013/7xxx/CVE-2013-7322.json | 170 +++++++++--------- 2017/10xxx/CVE-2017-10262.json | 142 +++++++-------- 2017/10xxx/CVE-2017-10310.json | 142 +++++++-------- 2017/10xxx/CVE-2017-10539.json | 34 ++-- 2017/12xxx/CVE-2017-12017.json | 34 ++-- 2017/12xxx/CVE-2017-12309.json | 140 +++++++-------- 2017/12xxx/CVE-2017-12464.json | 130 +++++++------- 2017/12xxx/CVE-2017-12528.json | 142 +++++++-------- 2017/12xxx/CVE-2017-12771.json | 34 ++-- 2017/12xxx/CVE-2017-12896.json | 190 ++++++++++---------- 2017/13xxx/CVE-2017-13096.json | 142 +++++++-------- 2017/13xxx/CVE-2017-13227.json | 34 ++-- 2017/13xxx/CVE-2017-13723.json | 180 +++++++++---------- 2017/13xxx/CVE-2017-13861.json | 180 +++++++++---------- 2017/13xxx/CVE-2017-13886.json | 120 ++++++------- 2017/17xxx/CVE-2017-17345.json | 34 ++-- 2017/17xxx/CVE-2017-17474.json | 120 ++++++------- 2017/17xxx/CVE-2017-17629.json | 130 +++++++------- 2018/0xxx/CVE-2018-0231.json | 140 +++++++-------- 2018/18xxx/CVE-2018-18463.json | 34 ++-- 2018/18xxx/CVE-2018-18494.json | 306 +++++++++++++++---------------- 2018/18xxx/CVE-2018-18769.json | 34 ++-- 2018/18xxx/CVE-2018-18851.json | 34 ++-- 2018/18xxx/CVE-2018-18977.json | 34 ++-- 2018/19xxx/CVE-2018-19083.json | 120 ++++++------- 2018/19xxx/CVE-2018-19196.json | 130 +++++++------- 2018/19xxx/CVE-2018-19604.json | 34 ++-- 2018/19xxx/CVE-2018-19865.json | 220 +++++++++++------------ 2018/1xxx/CVE-2018-1285.json | 34 ++-- 2018/1xxx/CVE-2018-1388.json | 226 +++++++++++------------ 2018/1xxx/CVE-2018-1614.json | 200 ++++++++++----------- 2018/5xxx/CVE-2018-5192.json | 34 ++-- 58 files changed, 3753 insertions(+), 3753 deletions(-) diff --git a/2001/0xxx/CVE-2001-0194.json b/2001/0xxx/CVE-2001-0194.json index 50f51d5d5c1..be546984aee 100644 --- a/2001/0xxx/CVE-2001-0194.json +++ b/2001/0xxx/CVE-2001-0194.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2001:020-1", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-020.php3" - }, - { - "name" : "cups-httpgets-dos(6043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6043" - }, - { - "name" : "6064", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2001:020-1", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-020.php3" + }, + { + "name": "6064", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6064" + }, + { + "name": "cups-httpgets-dos(6043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6043" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0838.json b/2001/0xxx/CVE-2001-0838.json index 36a60e291c6..c8ad398a00d 100644 --- a/2001/0xxx/CVE-2001-0838.json +++ b/2001/0xxx/CVE-2001-0838.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011025 RWhoisd remote format string vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100402652724815&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011025 RWhoisd remote format string vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100402652724815&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0144.json b/2008/0xxx/CVE-2008-0144.json index 8552dcbbe0b..edcff7c04c8 100644 --- a/2008/0xxx/CVE-2008-0144.json +++ b/2008/0xxx/CVE-2008-0144.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080105 NetRisk 1.9.7 Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119955114428283&w=2" - }, - { - "name" : "4833", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4833" - }, - { - "name" : "27136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27136" - }, - { - "name" : "28328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28328" - }, - { - "name" : "netrisk-index-file-include(39419)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27136" + }, + { + "name": "28328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28328" + }, + { + "name": "20080105 NetRisk 1.9.7 Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119955114428283&w=2" + }, + { + "name": "4833", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4833" + }, + { + "name": "netrisk-index-file-include(39419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39419" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0210.json b/2008/0xxx/CVE-2008-0210.json index 14cece864ec..8977e600d48 100644 --- a/2008/0xxx/CVE-2008-0210.json +++ b/2008/0xxx/CVE-2008-0210.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4846", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4846" - }, - { - "name" : "27154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27154" + }, + { + "name": "4846", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4846" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0222.json b/2008/0xxx/CVE-2008-0222.json index 3bc88a330e5..bf03591b6f9 100644 --- a/2008/0xxx/CVE-2008-0222.json +++ b/2008/0xxx/CVE-2008-0222.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4844", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4844" - }, - { - "name" : "27151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27151" - }, - { - "name" : "wordpress-wpfilemanager-file-upload(39462)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27151" + }, + { + "name": "4844", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4844" + }, + { + "name": "wordpress-wpfilemanager-file-upload(39462)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39462" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0556.json b/2008/0xxx/CVE-2008-0556.json index db2991d257f..294142c2b70 100644 --- a/2008/0xxx/CVE-2008-0556.json +++ b/2008/0xxx/CVE-2008-0556.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080213 OpenCA XSRF (CVE-2008-0556)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060300.html" - }, - { - "name" : "https://www.cynops.de/advisories/CVE-2008-0556.txt", - "refsource" : "MISC", - "url" : "https://www.cynops.de/advisories/CVE-2008-0556.txt" - }, - { - "name" : "VU#264385", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/264385" - }, - { - "name" : "ADV-2008-0588", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0588" - }, - { - "name" : "1019426", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019426" - }, - { - "name" : "28951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28951" - }, - { - "name" : "openca-certificate-csrf(40476)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080213 OpenCA XSRF (CVE-2008-0556)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060300.html" + }, + { + "name": "https://www.cynops.de/advisories/CVE-2008-0556.txt", + "refsource": "MISC", + "url": "https://www.cynops.de/advisories/CVE-2008-0556.txt" + }, + { + "name": "openca-certificate-csrf(40476)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40476" + }, + { + "name": "ADV-2008-0588", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0588" + }, + { + "name": "28951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28951" + }, + { + "name": "1019426", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019426" + }, + { + "name": "VU#264385", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/264385" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1036.json b/2008/1xxx/CVE-2008-1036.json index f4a46b8bca7..baf0618ef10 100644 --- a/2008/1xxx/CVE-2008-1036.json +++ b/2008/1xxx/CVE-2008-1036.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0064", - "refsource" : "MISC", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0064" - }, - { - "name" : "APPLE-SA-2008-05-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" - }, - { - "name" : "DSA-1762", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1762" - }, - { - "name" : "RHSA-2009:0296", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0296.html" - }, - { - "name" : "USN-747-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-747-1" - }, - { - "name" : "TA08-150A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" - }, - { - "name" : "29412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29412" - }, - { - "name" : "29488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29488" - }, - { - "name" : "oval:org.mitre.oval:def:10824", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10824" - }, - { - "name" : "34290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34290" - }, - { - "name" : "34777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34777" - }, - { - "name" : "ADV-2008-1697", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1697" - }, - { - "name" : "1020139", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020139" - }, - { - "name" : "30430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30430" - }, - { - "name" : "macosx-icu-security-bypass(42717)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2009:0296", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0296.html" + }, + { + "name": "macosx-icu-security-bypass(42717)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42717" + }, + { + "name": "34777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34777" + }, + { + "name": "29488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29488" + }, + { + "name": "1020139", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020139" + }, + { + "name": "TA08-150A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" + }, + { + "name": "30430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30430" + }, + { + "name": "APPLE-SA-2008-05-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" + }, + { + "name": "DSA-1762", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1762" + }, + { + "name": "34290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34290" + }, + { + "name": "oval:org.mitre.oval:def:10824", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10824" + }, + { + "name": "ADV-2008-1697", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1697" + }, + { + "name": "USN-747-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-747-1" + }, + { + "name": "29412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29412" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0064", + "refsource": "MISC", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0064" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1699.json b/2008/1xxx/CVE-2008-1699.json index d7a6ac297f4..8e95bab2421 100644 --- a/2008/1xxx/CVE-2008-1699.json +++ b/2008/1xxx/CVE-2008-1699.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080402 Writers Block SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490376/100/0/threaded" - }, - { - "name" : "28564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28564" - }, - { - "name" : "29652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29652" - }, - { - "name" : "3803", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3803" - }, - { - "name" : "writersblock-permalink-sql-injection(41619)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "writersblock-permalink-sql-injection(41619)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41619" + }, + { + "name": "29652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29652" + }, + { + "name": "28564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28564" + }, + { + "name": "20080402 Writers Block SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490376/100/0/threaded" + }, + { + "name": "3803", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3803" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1700.json b/2008/1xxx/CVE-2008-1700.json index 0ed4eae8322..cf1c3a0ec44 100644 --- a/2008/1xxx/CVE-2008-1700.json +++ b/2008/1xxx/CVE-2008-1700.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to cause a denial of service (memory consumption) via a large number of SendNrlLink directives, which opens a separate window for each directive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf", - "refsource" : "MISC", - "url" : "http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf" - }, - { - "name" : "worksiteweb-webtransferctrl-imanfile-dos(41757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to cause a denial of service (memory consumption) via a large number of SendNrlLink directives, which opens a separate window for each directive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "worksiteweb-webtransferctrl-imanfile-dos(41757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41757" + }, + { + "name": "http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf", + "refsource": "MISC", + "url": "http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5062.json b/2008/5xxx/CVE-2008-5062.json index 6e749a3fcd8..825e726a253 100644 --- a/2008/5xxx/CVE-2008-5062.json +++ b/2008/5xxx/CVE-2008-5062.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7049", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7049" - }, - { - "name" : "32196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32196" - }, - { - "name" : "ADV-2008-3077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3077" - }, - { - "name" : "49680", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49680" - }, - { - "name" : "32640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32640" - }, - { - "name" : "4590", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4590" - }, - { - "name" : "mwcal-calpdf-directory-traversal(46455)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49680", + "refsource": "OSVDB", + "url": "http://osvdb.org/49680" + }, + { + "name": "ADV-2008-3077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3077" + }, + { + "name": "mwcal-calpdf-directory-traversal(46455)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46455" + }, + { + "name": "32196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32196" + }, + { + "name": "32640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32640" + }, + { + "name": "4590", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4590" + }, + { + "name": "7049", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7049" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5073.json b/2008/5xxx/CVE-2008-5073.json index 70123cd9c37..0b6f0079591 100644 --- a/2008/5xxx/CVE-2008-5073.json +++ b/2008/5xxx/CVE-2008-5073.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080927 Novell ZENWorks for Desktops Version 6.5 Remote (Heap-Based) PoC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496786/100/0/threaded" - }, - { - "name" : "31435", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31435" - }, - { - "name" : "4595", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4595" - }, - { - "name" : "novell-zenworks-activex-bo(45462)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4595", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4595" + }, + { + "name": "31435", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31435" + }, + { + "name": "20080927 Novell ZENWorks for Desktops Version 6.5 Remote (Heap-Based) PoC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496786/100/0/threaded" + }, + { + "name": "novell-zenworks-activex-bo(45462)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45462" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5617.json b/2008/5xxx/CVE-2008-5617.json index bc921d33a71..6be93477af1 100644 --- a/2008/5xxx/CVE-2008-5617.json +++ b/2008/5xxx/CVE-2008-5617.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rsyslog.com/Article322.phtml", - "refsource" : "CONFIRM", - "url" : "http://www.rsyslog.com/Article322.phtml" - }, - { - "name" : "http://www.rsyslog.com/Topic4.phtml", - "refsource" : "CONFIRM", - "url" : "http://www.rsyslog.com/Topic4.phtml" - }, - { - "name" : "http://www.rsyslog.com/Article327.phtml", - "refsource" : "CONFIRM", - "url" : "http://www.rsyslog.com/Article327.phtml" - }, - { - "name" : "32630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32630" - }, - { - "name" : "32857", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32857" - }, - { - "name" : "rsyslog-allowedsender-security-bypass(47080)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rsyslog.com/Article327.phtml", + "refsource": "CONFIRM", + "url": "http://www.rsyslog.com/Article327.phtml" + }, + { + "name": "rsyslog-allowedsender-security-bypass(47080)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47080" + }, + { + "name": "http://www.rsyslog.com/Article322.phtml", + "refsource": "CONFIRM", + "url": "http://www.rsyslog.com/Article322.phtml" + }, + { + "name": "http://www.rsyslog.com/Topic4.phtml", + "refsource": "CONFIRM", + "url": "http://www.rsyslog.com/Topic4.phtml" + }, + { + "name": "32630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32630" + }, + { + "name": "32857", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32857" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5780.json b/2008/5xxx/CVE-2008-5780.json index 276d3e9d4fc..d0ca6527d02 100644 --- a/2008/5xxx/CVE-2008-5780.json +++ b/2008/5xxx/CVE-2008-5780.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7466", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7466" - }, - { - "name" : "4842", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4842" - }, - { - "name" : "forestblog-blog-info-disclosure(47359)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "forestblog-blog-info-disclosure(47359)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47359" + }, + { + "name": "7466", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7466" + }, + { + "name": "4842", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4842" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0096.json b/2013/0xxx/CVE-2013-0096.json index f59404ced0d..3bc0c16e245 100644 --- a/2013/0xxx/CVE-2013-0096.json +++ b/2013/0xxx/CVE-2013-0096.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka \"Windows Essentials Improper URI Handling Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-045" - }, - { - "name" : "TA13-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" - }, - { - "name" : "oval:org.mitre.oval:def:16204", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka \"Windows Essentials Improper URI Handling Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" + }, + { + "name": "MS13-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-045" + }, + { + "name": "oval:org.mitre.oval:def:16204", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16204" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0382.json b/2013/0xxx/CVE-2013-0382.json index 7e8ac6f1912..e794531d00a 100644 --- a/2013/0xxx/CVE-2013-0382.json +++ b/2013/0xxx/CVE-2013-0382.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Campaign Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Campaign Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0431.json b/2013/0xxx/CVE-2013-0431.json index c1e2f232716..9344c4d7e0b 100644 --- a/2013/0xxx/CVE-2013-0431.json +++ b/2013/0xxx/CVE-2013-0431.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka \"Issue 52,\" a different vulnerability than CVE-2013-1490." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/525387/30/0/threaded" - }, - { - "name" : "20130118 [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Jan/142" - }, - { - "name" : "20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Jan/195" - }, - { - "name" : "http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/", - "refsource" : "MISC", - "url" : "http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/" - }, - { - "name" : "http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53", - "refsource" : "MISC", - "url" : "http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53" - }, - { - "name" : "http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717", - "refsource" : "MISC", - "url" : "http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "MDVSA-2013:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" - }, - { - "name" : "RHSA-2013:0237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "RHSA-2013:0247", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" - }, - { - "name" : "openSUSE-SU-2013:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "oval:org.mitre.oval:def:16579", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579" - }, - { - "name" : "oval:org.mitre.oval:def:19418", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka \"Issue 52,\" a different vulnerability than CVE-2013-1490." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:19418", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "MDVSA-2013:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" + }, + { + "name": "http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717", + "refsource": "MISC", + "url": "http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717" + }, + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "20130118 [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Jan/142" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "RHSA-2013:0247", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html" + }, + { + "name": "http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/", + "refsource": "MISC", + "url": "http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/" + }, + { + "name": "20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Jan/195" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53", + "refsource": "MISC", + "url": "http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53" + }, + { + "name": "openSUSE-SU-2013:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" + }, + { + "name": "20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/525387/30/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:16579", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0462.json b/2013/0xxx/CVE-2013-0462.json index 184e9e02e0f..bc74ab55bc6 100644 --- a/2013/0xxx/CVE-2013-0462.json +++ b/2013/0xxx/CVE-2013-0462.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0579.json b/2013/0xxx/CVE-2013-0579.json index a45cb441bb4..facfa13e117 100644 --- a/2013/0xxx/CVE-2013-0579.json +++ b/2013/0xxx/CVE-2013-0579.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's web browser either (1) before or (2) after authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651990", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651990" - }, - { - "name" : "ibm-optim-cve20130579-session-fixation(83331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's web browser either (1) before or (2) after authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-optim-cve20130579-session-fixation(83331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83331" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651990", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651990" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3210.json b/2013/3xxx/CVE-2013-3210.json index a145deb892c..bd4a3eb73bb 100644 --- a/2013/3xxx/CVE-2013-3210.json +++ b/2013/3xxx/CVE-2013-3210.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/unified/1215/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unified/1215/" - }, - { - "name" : "http://www.opera.com/security/advisory/1047", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/security/advisory/1047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/security/advisory/1047", + "refsource": "CONFIRM", + "url": "http://www.opera.com/security/advisory/1047" + }, + { + "name": "http://www.opera.com/docs/changelogs/unified/1215/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unified/1215/" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3593.json b/2013/3xxx/CVE-2013-3593.json index 55b936a9f2c..0b3f199c217 100644 --- a/2013/3xxx/CVE-2013-3593.json +++ b/2013/3xxx/CVE-2013-3593.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#392654", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/392654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#392654", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/392654" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3668.json b/2013/3xxx/CVE-2013-3668.json index f194d5c9217..1deedfdd5f0 100644 --- a/2013/3xxx/CVE-2013-3668.json +++ b/2013/3xxx/CVE-2013-3668.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3668", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3668", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4118.json b/2013/4xxx/CVE-2013-4118.json index 1365f408227..4aa6a2c9ada 100644 --- a/2013/4xxx/CVE-2013-4118.json +++ b/2013/4xxx/CVE-2013-4118.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130711 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/11/12" - }, - { - "name" : "[oss-security] 20130712 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/12/2" - }, - { - "name" : "https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7", - "refsource" : "CONFIRM", - "url" : "https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7" - }, - { - "name" : "openSUSE-SU-2016:2400", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html" - }, - { - "name" : "openSUSE-SU-2016:2402", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html" - }, - { - "name" : "61072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130711 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/11/12" + }, + { + "name": "[oss-security] 20130712 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/12/2" + }, + { + "name": "openSUSE-SU-2016:2400", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html" + }, + { + "name": "openSUSE-SU-2016:2402", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html" + }, + { + "name": "61072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61072" + }, + { + "name": "https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7", + "refsource": "CONFIRM", + "url": "https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4167.json b/2013/4xxx/CVE-2013-4167.json index 1d5e435d3dc..a8447d7a5c7 100644 --- a/2013/4xxx/CVE-2013-4167.json +++ b/2013/4xxx/CVE-2013-4167.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130721 cve request: cms made simple XSS before 1.11.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/21/1" - }, - { - "name" : "[oss-security] 20130725 Re: cve request: cms made simple XSS before 1.11.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/25/7" - }, - { - "name" : "https://twitter.com/LeakFree/status/336942367351394305", - "refsource" : "MISC", - "url" : "https://twitter.com/LeakFree/status/336942367351394305" - }, - { - "name" : "http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=66590&p=299356", - "refsource" : "CONFIRM", - "url" : "http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=66590&p=299356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130725 Re: cve request: cms made simple XSS before 1.11.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/25/7" + }, + { + "name": "http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=66590&p=299356", + "refsource": "CONFIRM", + "url": "http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=66590&p=299356" + }, + { + "name": "[oss-security] 20130721 cve request: cms made simple XSS before 1.11.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/21/1" + }, + { + "name": "https://twitter.com/LeakFree/status/336942367351394305", + "refsource": "MISC", + "url": "https://twitter.com/LeakFree/status/336942367351394305" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4443.json b/2013/4xxx/CVE-2013-4443.json index 72e8fd2319d..fa71d6432af 100644 --- a/2013/4xxx/CVE-2013-4443.json +++ b/2013/4xxx/CVE-2013-4443.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4443", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-4443", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4869.json b/2013/4xxx/CVE-2013-4869.json index 1828a1fefde..1263611f84c 100644 --- a/2013/4xxx/CVE-2013-4869.json +++ b/2013/4xxx/CVE-2013-4869.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the \"hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm" - }, - { - "name" : "cucm-cve20134869-weak-security(85883)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the \"hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cucm-cve20134869-weak-security(85883)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85883" + }, + { + "name": "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6911.json b/2013/6xxx/CVE-2013-6911.json index b437f0a2100..0905885aa08 100644 --- a/2013/6xxx/CVE-2013-6911.json +++ b/2013/6xxx/CVE-2013-6911.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-6911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/20131202up01.php", - "refsource" : "MISC", - "url" : "http://cs.cybozu.co.jp/information/20131202up01.php" - }, - { - "name" : "https://support.cybozu.com/ja-jp/article/7158", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/7158" - }, - { - "name" : "JVN#23981867", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN23981867/index.html" - }, - { - "name" : "JVNDB-2013-000113", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" - }, - { - "name" : "100561", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cs.cybozu.co.jp/information/20131202up01.php", + "refsource": "MISC", + "url": "http://cs.cybozu.co.jp/information/20131202up01.php" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/7158", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/7158" + }, + { + "name": "JVNDB-2013-000113", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" + }, + { + "name": "100561", + "refsource": "OSVDB", + "url": "http://osvdb.org/100561" + }, + { + "name": "JVN#23981867", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN23981867/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7322.json b/2013/7xxx/CVE-2013-7322.json index e303babb4a5..ed0d4906937 100644 --- a/2013/7xxx/CVE-2013-7322.json +++ b/2013/7xxx/CVE-2013-7322.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[OATH-Toolkit-help] 20131209 libpam-oath vulnerable to replay of OTP as result of incorrectly parsing comments in users file?", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html" - }, - { - "name" : "[OATH-Toolkit-help] 20131214 Re: libpam-oath vulnerable to replay of OTP as result of incorrectly parsing comments in users file?", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00003.html" - }, - { - "name" : "[OATH-Toolkit-help] 20131214 Re: libpam-oath vulnerable to replay of OTP as result of incorrectly parsing comments in users file?", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00002.html" - }, - { - "name" : "[oss-security] 20140209 Re: oath-toolkit PAM module OTP token invalidation issue", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/296" - }, - { - "name" : "http://www.nongnu.org/oath-toolkit/NEWS.html", - "refsource" : "CONFIRM", - "url" : "http://www.nongnu.org/oath-toolkit/NEWS.html" - }, - { - "name" : "oath-toolkit-cve20137322-replay(91316)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140209 Re: oath-toolkit PAM module OTP token invalidation issue", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/296" + }, + { + "name": "[OATH-Toolkit-help] 20131214 Re: libpam-oath vulnerable to replay of OTP as result of incorrectly parsing comments in users file?", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00003.html" + }, + { + "name": "[OATH-Toolkit-help] 20131209 libpam-oath vulnerable to replay of OTP as result of incorrectly parsing comments in users file?", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html" + }, + { + "name": "oath-toolkit-cve20137322-replay(91316)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91316" + }, + { + "name": "[OATH-Toolkit-help] 20131214 Re: libpam-oath vulnerable to replay of OTP as result of incorrectly parsing comments in users file?", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00002.html" + }, + { + "name": "http://www.nongnu.org/oath-toolkit/NEWS.html", + "refsource": "CONFIRM", + "url": "http://www.nongnu.org/oath-toolkit/NEWS.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10262.json b/2017/10xxx/CVE-2017-10262.json index e22fb1731ce..9b116c46d4d 100644 --- a/2017/10xxx/CVE-2017-10262.json +++ b/2017/10xxx/CVE-2017-10262.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Access Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.2.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.2.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102562" - }, - { - "name" : "1040211", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102562" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040211", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040211" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10310.json b/2017/10xxx/CVE-2017-10310.json index d1e66de24c4..a69ac05139d 100644 --- a/2017/10xxx/CVE-2017-10310.json +++ b/2017/10xxx/CVE-2017-10310.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hyperion Financial Reporting", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion Financial Reporting", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101302" - }, - { - "name" : "1039595", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039595", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039595" + }, + { + "name": "101302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101302" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10539.json b/2017/10xxx/CVE-2017-10539.json index 32b47c55a31..b32764ea7e9 100644 --- a/2017/10xxx/CVE-2017-10539.json +++ b/2017/10xxx/CVE-2017-10539.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10539", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10539", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12017.json b/2017/12xxx/CVE-2017-12017.json index 2bb4648fee4..afe543161a6 100644 --- a/2017/12xxx/CVE-2017-12017.json +++ b/2017/12xxx/CVE-2017-12017.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12017", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12017", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12309.json b/2017/12xxx/CVE-2017-12309.json index a2d9b89fa61..d2ef1671888 100644 --- a/2017/12xxx/CVE-2017-12309.json +++ b/2017/12xxx/CVE-2017-12309.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Email Security Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Email Security Appliance" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-113" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Email Security Appliance", + "version": { + "version_data": [ + { + "version_value": "Cisco Email Security Appliance" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa" - }, - { - "name" : "101928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101928" - }, - { - "name" : "1039831", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-113" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039831", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039831" + }, + { + "name": "101928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101928" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12464.json b/2017/12xxx/CVE-2017-12464.json index ecb50da6470..721044cfed2 100644 --- a/2017/12xxx/CVE-2017-12464.json +++ b/2017/12xxx/CVE-2017-12464.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/130", - "refsource" : "CONFIRM", - "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/130" - }, - { - "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", + "refsource": "CONFIRM", + "url": "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0" + }, + { + "name": "https://github.com/cn-uofbasel/ccn-lite/issues/130", + "refsource": "CONFIRM", + "url": "https://github.com/cn-uofbasel/ccn-lite/issues/130" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12528.json b/2017/12xxx/CVE-2017-12528.json index 70729d97f10..6544a8ad984 100644 --- a/2017/12xxx/CVE-2017-12528.json +++ b/2017/12xxx/CVE-2017-12528.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12771.json b/2017/12xxx/CVE-2017-12771.json index 914e348c0c4..375f564e965 100644 --- a/2017/12xxx/CVE-2017-12771.json +++ b/2017/12xxx/CVE-2017-12771.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12771", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12771", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12896.json b/2017/12xxx/CVE-2017-12896.json index 113acc58e67..c0295ffdc79 100644 --- a/2017/12xxx/CVE-2017-12896.json +++ b/2017/12xxx/CVE-2017-12896.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/4e430c6b0d8b7e77c7abca7e7afb0c3e727502f2", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/4e430c6b0d8b7e77c7abca7e7afb0c3e727502f2" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/f76e7feb41a4327d2b0978449bbdafe98d4a3771", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/f76e7feb41a4327d2b0978449bbdafe98d4a3771" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/f76e7feb41a4327d2b0978449bbdafe98d4a3771", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/f76e7feb41a4327d2b0978449bbdafe98d4a3771" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/4e430c6b0d8b7e77c7abca7e7afb0c3e727502f2", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/4e430c6b0d8b7e77c7abca7e7afb0c3e727502f2" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13096.json b/2017/13xxx/CVE-2017-13096.json index cac012f8cff..eae0c5c5748 100644 --- a/2017/13xxx/CVE-2017-13096.json +++ b/2017/13xxx/CVE-2017-13096.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-13096", - "STATE" : "PUBLIC", - "TITLE" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax access control" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Standard", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "P1735", - "version_value" : "P1735" - } - ] - } - } - ] - }, - "vendor_name" : "IEEE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-310" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-13096", + "STATE": "PUBLIC", + "TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax access control" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Standard", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "P1735", + "version_value": "P1735" + } + ] + } + } + ] + }, + "vendor_name": "IEEE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#739007", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/739007" - }, - { - "name" : "101699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101699" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101699" + }, + { + "name": "VU#739007", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/739007" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13227.json b/2017/13xxx/CVE-2017-13227.json index d48ea10f64f..689f3e5129f 100644 --- a/2017/13xxx/CVE-2017-13227.json +++ b/2017/13xxx/CVE-2017-13227.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13227", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13227", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13723.json b/2017/13xxx/CVE-2017-13723.json index a2f78510254..1fc61d122a0 100644 --- a/2017/13xxx/CVE-2017-13723.json +++ b/2017/13xxx/CVE-2017-13723.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20171004 Fwd: X server fixes for CVE-2017-13721 & CVE-2017-13723", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/10/04/10" - }, - { - "name" : "[xorg-announce] 20171004 [ANNOUNCE] xorg-server 1.19.4", - "refsource" : "MLIST", - "url" : "https://lists.x.org/archives/xorg-announce/2017-October/002808.html" - }, - { - "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html" - }, - { - "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac" - }, - { - "name" : "DSA-4000", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-4000" - }, - { - "name" : "GLSA-201710-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-30" - }, - { - "name" : "101253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101253" + }, + { + "name": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac" + }, + { + "name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html" + }, + { + "name": "GLSA-201710-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-30" + }, + { + "name": "[oss-security] 20171004 Fwd: X server fixes for CVE-2017-13721 & CVE-2017-13723", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/10/04/10" + }, + { + "name": "DSA-4000", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-4000" + }, + { + "name": "[xorg-announce] 20171004 [ANNOUNCE] xorg-server 1.19.4", + "refsource": "MLIST", + "url": "https://lists.x.org/archives/xorg-announce/2017-October/002808.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13861.json b/2017/13xxx/CVE-2017-13861.json index b2454c8d6b6..ec0ef624891 100644 --- a/2017/13xxx/CVE-2017-13861.json +++ b/2017/13xxx/CVE-2017-13861.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"IOSurface\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43320", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43320/" - }, - { - "name" : "https://support.apple.com/HT208325", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208325" - }, - { - "name" : "https://support.apple.com/HT208327", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208327" - }, - { - "name" : "https://support.apple.com/HT208334", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208334" - }, - { - "name" : "102134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102134" - }, - { - "name" : "1039952", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039952" - }, - { - "name" : "1039953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"IOSurface\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102134" + }, + { + "name": "https://support.apple.com/HT208327", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208327" + }, + { + "name": "43320", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43320/" + }, + { + "name": "https://support.apple.com/HT208325", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208325" + }, + { + "name": "1039953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039953" + }, + { + "name": "https://support.apple.com/HT208334", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208334" + }, + { + "name": "1039952", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039952" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13886.json b/2017/13xxx/CVE-2017-13886.json index 594bbbf11e4..35f06c50c53 100644 --- a/2017/13xxx/CVE-2017-13886.json +++ b/2017/13xxx/CVE-2017-13886.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208331", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208331", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208331" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17345.json b/2017/17xxx/CVE-2017-17345.json index dcf5ffe87e7..dc0fba7ece7 100644 --- a/2017/17xxx/CVE-2017-17345.json +++ b/2017/17xxx/CVE-2017-17345.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17345", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17345", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17474.json b/2017/17xxx/CVE-2017-17474.json index c9296675ca6..06394ee3652 100644 --- a/2017/17xxx/CVE-2017-17474.json +++ b/2017/17xxx/CVE-2017-17474.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82730070." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730070", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82730070." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730070", + "refsource": "MISC", + "url": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730070" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17629.json b/2017/17xxx/CVE-2017-17629.json index 2617575b0ed..d06140072a4 100644 --- a/2017/17xxx/CVE-2017-17629.json +++ b/2017/17xxx/CVE-2017-17629.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43287", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43287/" - }, - { - "name" : "https://packetstormsecurity.com/files/145327/Secure-E-commerce-Script-2.0.1-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145327/Secure-E-commerce-Script-2.0.1-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43287", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43287/" + }, + { + "name": "https://packetstormsecurity.com/files/145327/Secure-E-commerce-Script-2.0.1-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145327/Secure-E-commerce-Script-2.0.1-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0231.json b/2018/0xxx/CVE-2018-0231.json index c6fee90a566..42ead8c11e1 100644 --- a/2018/0xxx/CVE-2018-0231.json +++ b/2018/0xxx/CVE-2018-0231.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Adaptive Security Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Adaptive Security Appliance" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) services on an affected device. Messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) cannot be be used to exploit this vulnerability. An exploit could allow the attacker to cause a buffer underflow, triggering a crash on an affected device. This vulnerability affects Cisco ASA Software and Cisco FTD Software that is running on the following Cisco products: Adaptive Security Virtual Appliance (ASAv), Firepower Threat Defense Virtual (FTDv), Firepower 2100 Series Security Appliance. Cisco Bug IDs: CSCve18902, CSCve34335, CSCve38446." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Adaptive Security Appliance", + "version": { + "version_data": [ + { + "version_value": "Cisco Adaptive Security Appliance" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01" - }, - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3" - }, - { - "name" : "1040725", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) services on an affected device. Messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) cannot be be used to exploit this vulnerability. An exploit could allow the attacker to cause a buffer underflow, triggering a crash on an affected device. This vulnerability affects Cisco ASA Software and Cisco FTD Software that is running on the following Cisco products: Adaptive Security Virtual Appliance (ASAv), Firepower Threat Defense Virtual (FTDv), Firepower 2100 Series Security Appliance. Cisco Bug IDs: CSCve18902, CSCve34335, CSCve38446." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3" + }, + { + "name": "1040725", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040725" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18463.json b/2018/18xxx/CVE-2018-18463.json index 5dc4006ad46..46d91f775c2 100644 --- a/2018/18xxx/CVE-2018-18463.json +++ b/2018/18xxx/CVE-2018-18463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18463", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18463", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18494.json b/2018/18xxx/CVE-2018-18494.json index 3c2409d8fc6..77666cec14d 100644 --- a/2018/18xxx/CVE-2018-18494.json +++ b/2018/18xxx/CVE-2018-18494.json @@ -1,155 +1,155 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-18494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.4" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.4" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "64" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-18494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.4" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.4" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "64" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1487964", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1487964" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-29/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-29/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-30/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-30/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-31/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-31/" - }, - { - "name" : "DSA-4354", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4354" - }, - { - "name" : "DSA-4362", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4362" - }, - { - "name" : "GLSA-201903-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-04" - }, - { - "name" : "RHSA-2018:3831", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3831" - }, - { - "name" : "RHSA-2018:3833", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3833" - }, - { - "name" : "RHSA-2019:0159", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0159" - }, - { - "name" : "RHSA-2019:0160", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0160" - }, - { - "name" : "USN-3844-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3844-1/" - }, - { - "name" : "USN-3868-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3868-1/" - }, - { - "name" : "106168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-29/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-29/" + }, + { + "name": "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html" + }, + { + "name": "RHSA-2018:3833", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3833" + }, + { + "name": "RHSA-2018:3831", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3831" + }, + { + "name": "DSA-4362", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4362" + }, + { + "name": "GLSA-201903-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-04" + }, + { + "name": "USN-3844-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3844-1/" + }, + { + "name": "106168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106168" + }, + { + "name": "RHSA-2019:0159", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0159" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-31/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-31/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-30/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-30/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1487964", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1487964" + }, + { + "name": "DSA-4354", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4354" + }, + { + "name": "USN-3868-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3868-1/" + }, + { + "name": "RHSA-2019:0160", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0160" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18769.json b/2018/18xxx/CVE-2018-18769.json index 5f9269fe214..05901ad6551 100644 --- a/2018/18xxx/CVE-2018-18769.json +++ b/2018/18xxx/CVE-2018-18769.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18769", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18769", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18851.json b/2018/18xxx/CVE-2018-18851.json index 34cbb5ba6a3..f411bed75d4 100644 --- a/2018/18xxx/CVE-2018-18851.json +++ b/2018/18xxx/CVE-2018-18851.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18851", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18851", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18977.json b/2018/18xxx/CVE-2018-18977.json index 5db391991c4..d7d77025917 100644 --- a/2018/18xxx/CVE-2018-18977.json +++ b/2018/18xxx/CVE-2018-18977.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18977", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18977", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19083.json b/2018/19xxx/CVE-2018-19083.json index 432c8b9f647..c890594092c 100644 --- a/2018/19xxx/CVE-2018-19083.json +++ b/2018/19xxx/CVE-2018-19083.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.iwantacve.cn/index.php/archives/76/", - "refsource" : "MISC", - "url" : "http://www.iwantacve.cn/index.php/archives/76/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.iwantacve.cn/index.php/archives/76/", + "refsource": "MISC", + "url": "http://www.iwantacve.cn/index.php/archives/76/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19196.json b/2018/19xxx/CVE-2018-19196.json index beb1a304532..98e2e332156 100644 --- a/2018/19xxx/CVE-2018-19196.json +++ b/2018/19xxx/CVE-2018-19196.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\\controller\\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an admin/index.php?c=uploadfile&a=uploadify_upload&type=php URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/XiaoCms/blob/master/GETSHELL.md", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/XiaoCms/blob/master/GETSHELL.md" - }, - { - "name" : "https://www.patec.cn/newsshow.php?cid=24&id=136", - "refsource" : "MISC", - "url" : "https://www.patec.cn/newsshow.php?cid=24&id=136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\\controller\\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an admin/index.php?c=uploadfile&a=uploadify_upload&type=php URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.patec.cn/newsshow.php?cid=24&id=136", + "refsource": "MISC", + "url": "https://www.patec.cn/newsshow.php?cid=24&id=136" + }, + { + "name": "https://github.com/AvaterXXX/XiaoCms/blob/master/GETSHELL.md", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/XiaoCms/blob/master/GETSHELL.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19604.json b/2018/19xxx/CVE-2018-19604.json index 7873b24db9b..7524e8263f4 100644 --- a/2018/19xxx/CVE-2018-19604.json +++ b/2018/19xxx/CVE-2018-19604.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19604", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19604", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19865.json b/2018/19xxx/CVE-2018-19865.json index cb1778b34ec..6a91133c86a 100644 --- a/2018/19xxx/CVE-2018-19865.json +++ b/2018/19xxx/CVE-2018-19865.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", - "refsource" : "MISC", - "url" : "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" - }, - { - "name" : "https://codereview.qt-project.org/#/c/243666/", - "refsource" : "MISC", - "url" : "https://codereview.qt-project.org/#/c/243666/" - }, - { - "name" : "https://codereview.qt-project.org/#/c/244569/", - "refsource" : "MISC", - "url" : "https://codereview.qt-project.org/#/c/244569/" - }, - { - "name" : "https://codereview.qt-project.org/#/c/244687/", - "refsource" : "MISC", - "url" : "https://codereview.qt-project.org/#/c/244687/" - }, - { - "name" : "https://codereview.qt-project.org/#/c/244845/", - "refsource" : "MISC", - "url" : "https://codereview.qt-project.org/#/c/244845/" - }, - { - "name" : "https://codereview.qt-project.org/#/c/245283/", - "refsource" : "MISC", - "url" : "https://codereview.qt-project.org/#/c/245283/" - }, - { - "name" : "https://codereview.qt-project.org/#/c/245293/", - "refsource" : "MISC", - "url" : "https://codereview.qt-project.org/#/c/245293/" - }, - { - "name" : "https://codereview.qt-project.org/#/c/245312/", - "refsource" : "MISC", - "url" : "https://codereview.qt-project.org/#/c/245312/" - }, - { - "name" : "https://codereview.qt-project.org/#/c/245638/", - "refsource" : "MISC", - "url" : "https://codereview.qt-project.org/#/c/245638/" - }, - { - "name" : "https://codereview.qt-project.org/#/c/245640/", - "refsource" : "MISC", - "url" : "https://codereview.qt-project.org/#/c/245640/" - }, - { - "name" : "https://codereview.qt-project.org/#/c/246630/", - "refsource" : "MISC", - "url" : "https://codereview.qt-project.org/#/c/246630/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codereview.qt-project.org/#/c/245283/", + "refsource": "MISC", + "url": "https://codereview.qt-project.org/#/c/245283/" + }, + { + "name": "https://codereview.qt-project.org/#/c/243666/", + "refsource": "MISC", + "url": "https://codereview.qt-project.org/#/c/243666/" + }, + { + "name": "https://codereview.qt-project.org/#/c/245638/", + "refsource": "MISC", + "url": "https://codereview.qt-project.org/#/c/245638/" + }, + { + "name": "https://codereview.qt-project.org/#/c/244569/", + "refsource": "MISC", + "url": "https://codereview.qt-project.org/#/c/244569/" + }, + { + "name": "https://codereview.qt-project.org/#/c/245312/", + "refsource": "MISC", + "url": "https://codereview.qt-project.org/#/c/245312/" + }, + { + "name": "https://codereview.qt-project.org/#/c/246630/", + "refsource": "MISC", + "url": "https://codereview.qt-project.org/#/c/246630/" + }, + { + "name": "https://codereview.qt-project.org/#/c/245293/", + "refsource": "MISC", + "url": "https://codereview.qt-project.org/#/c/245293/" + }, + { + "name": "https://codereview.qt-project.org/#/c/244687/", + "refsource": "MISC", + "url": "https://codereview.qt-project.org/#/c/244687/" + }, + { + "name": "https://codereview.qt-project.org/#/c/245640/", + "refsource": "MISC", + "url": "https://codereview.qt-project.org/#/c/245640/" + }, + { + "name": "https://codereview.qt-project.org/#/c/244845/", + "refsource": "MISC", + "url": "https://codereview.qt-project.org/#/c/244845/" + }, + { + "name": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", + "refsource": "MISC", + "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1285.json b/2018/1xxx/CVE-2018-1285.json index e88ef3a3414..c136cc032ee 100644 --- a/2018/1xxx/CVE-2018-1285.json +++ b/2018/1xxx/CVE-2018-1285.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1285", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1285", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1388.json b/2018/1xxx/CVE-2018-1388.json index 7dc7ce00888..d37ef36d325 100644 --- a/2018/1xxx/CVE-2018-1388.json +++ b/2018/1xxx/CVE-2018-1388.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-02-01T00:00:00", - "ID" : "CVE-2018-1388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere MQ", - "version" : { - "version_data" : [ - { - "version_value" : "7.0.1.1" - }, - { - "version_value" : "7.0.1.2" - }, - { - "version_value" : "7.0.1.3" - }, - { - "version_value" : "7.0.1.4" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.1.5" - }, - { - "version_value" : "7.0.1.6" - }, - { - "version_value" : "7.0.1.8" - }, - { - "version_value" : "7.0.1.7" - }, - { - "version_value" : "7.0.1.9" - }, - { - "version_value" : "7.0.1.10" - }, - { - "version_value" : "7.0.1.11" - }, - { - "version_value" : "7.0.1.12" - }, - { - "version_value" : "7.0.1.13" - }, - { - "version_value" : "7.0.1.14" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-02-01T00:00:00", + "ID": "CVE-2018-1388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere MQ", + "version": { + "version_data": [ + { + "version_value": "7.0.1.1" + }, + { + "version_value": "7.0.1.2" + }, + { + "version_value": "7.0.1.3" + }, + { + "version_value": "7.0.1.4" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.1.5" + }, + { + "version_value": "7.0.1.6" + }, + { + "version_value": "7.0.1.8" + }, + { + "version_value": "7.0.1.7" + }, + { + "version_value": "7.0.1.9" + }, + { + "version_value": "7.0.1.10" + }, + { + "version_value": "7.0.1.11" + }, + { + "version_value": "7.0.1.12" + }, + { + "version_value": "7.0.1.13" + }, + { + "version_value": "7.0.1.14" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138212", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138212" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013022", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013022" - }, - { - "name" : "103698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103698" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22013022", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22013022" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138212", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138212" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1614.json b/2018/1xxx/CVE-2018-1614.json index 72bbf5e1e86..6fb37146618 100644 --- a/2018/1xxx/CVE-2018-1614.json +++ b/2018/1xxx/CVE-2018-1614.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-21T00:00:00", - "ID" : "CVE-2018-1614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "N", - "S" : "C", - "SCORE" : "5.800", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-21T00:00:00", + "ID": "CVE-2018-1614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=swg22016887https://www-01.ibm.com/support/docview.wss?uid=swg22016887", - "refsource" : "CONFIRM", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=swg22016887https://www-01.ibm.com/support/docview.wss?uid=swg22016887" - }, - { - "name" : "1041168", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041168" - }, - { - "name" : "ibm-websphere-cve20181614-info-disc(144270)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "N", + "PR": "N", + "S": "C", + "SCORE": "5.800", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-websphere-cve20181614-info-disc(144270)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144270" + }, + { + "name": "1041168", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041168" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=swg22016887https://www-01.ibm.com/support/docview.wss?uid=swg22016887", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=swg22016887https://www-01.ibm.com/support/docview.wss?uid=swg22016887" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5192.json b/2018/5xxx/CVE-2018-5192.json index ed8c56e4e2e..d98aaa9d408 100644 --- a/2018/5xxx/CVE-2018-5192.json +++ b/2018/5xxx/CVE-2018-5192.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5192", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5192", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file