From 356819a0fe7e1310b6bb360f955cfe760fc4715b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:54:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0045.json | 180 +++++++------- 2004/0xxx/CVE-2004-0243.json | 140 +++++------ 2004/1xxx/CVE-2004-1053.json | 140 +++++------ 2004/1xxx/CVE-2004-1149.json | 140 +++++------ 2004/1xxx/CVE-2004-1596.json | 160 ++++++------- 2004/1xxx/CVE-2004-1932.json | 140 +++++------ 2008/3xxx/CVE-2008-3117.json | 140 +++++------ 2008/3xxx/CVE-2008-3346.json | 170 +++++++------- 2008/4xxx/CVE-2008-4050.json | 170 +++++++------- 2008/4xxx/CVE-2008-4252.json | 180 +++++++------- 2008/4xxx/CVE-2008-4921.json | 160 ++++++------- 2008/6xxx/CVE-2008-6310.json | 160 ++++++------- 2008/6xxx/CVE-2008-6693.json | 160 ++++++------- 2008/6xxx/CVE-2008-6988.json | 180 +++++++------- 2008/7xxx/CVE-2008-7041.json | 140 +++++------ 2008/7xxx/CVE-2008-7066.json | 140 +++++------ 2013/2xxx/CVE-2013-2753.json | 34 +-- 2013/2xxx/CVE-2013-2879.json | 170 +++++++------- 2013/2xxx/CVE-2013-2919.json | 180 +++++++------- 2013/6xxx/CVE-2013-6368.json | 310 ++++++++++++------------ 2013/6xxx/CVE-2013-6400.json | 190 +++++++-------- 2013/6xxx/CVE-2013-6423.json | 34 +-- 2013/6xxx/CVE-2013-6745.json | 150 ++++++------ 2017/10xxx/CVE-2017-10142.json | 150 ++++++------ 2017/11xxx/CVE-2017-11055.json | 132 +++++------ 2017/11xxx/CVE-2017-11090.json | 122 +++++----- 2017/11xxx/CVE-2017-11859.json | 34 +-- 2017/14xxx/CVE-2017-14148.json | 34 +-- 2017/14xxx/CVE-2017-14297.json | 120 +++++----- 2017/14xxx/CVE-2017-14617.json | 120 +++++----- 2017/14xxx/CVE-2017-14647.json | 120 +++++----- 2017/14xxx/CVE-2017-14712.json | 130 +++++------ 2017/15xxx/CVE-2017-15253.json | 120 +++++----- 2017/15xxx/CVE-2017-15275.json | 240 +++++++++---------- 2017/15xxx/CVE-2017-15292.json | 34 +-- 2017/15xxx/CVE-2017-15307.json | 128 +++++----- 2017/15xxx/CVE-2017-15502.json | 34 +-- 2017/15xxx/CVE-2017-15614.json | 130 +++++------ 2017/9xxx/CVE-2017-9220.json | 120 +++++----- 2017/9xxx/CVE-2017-9833.json | 130 +++++------ 2018/0xxx/CVE-2018-0239.json | 140 +++++------ 2018/0xxx/CVE-2018-0959.json | 362 ++++++++++++++--------------- 2018/0xxx/CVE-2018-0981.json | 288 +++++++++++------------ 2018/1000xxx/CVE-2018-1000057.json | 124 +++++----- 2018/1000xxx/CVE-2018-1000541.json | 35 ++- 2018/1000xxx/CVE-2018-1000662.json | 34 +-- 2018/12xxx/CVE-2018-12900.json | 130 +++++------ 2018/12xxx/CVE-2018-12985.json | 34 +-- 2018/16xxx/CVE-2018-16143.json | 34 +-- 2018/16xxx/CVE-2018-16234.json | 120 +++++----- 2018/16xxx/CVE-2018-16327.json | 120 +++++----- 2018/16xxx/CVE-2018-16549.json | 120 +++++----- 2018/16xxx/CVE-2018-16578.json | 34 +-- 2018/20xxx/CVE-2018-20218.json | 53 ++++- 2018/4xxx/CVE-2018-4290.json | 34 +-- 2018/4xxx/CVE-2018-4295.json | 34 +-- 2018/4xxx/CVE-2018-4484.json | 34 +-- 2018/4xxx/CVE-2018-4649.json | 34 +-- 58 files changed, 3639 insertions(+), 3591 deletions(-) diff --git a/2004/0xxx/CVE-2004-0045.json b/2004/0xxx/CVE-2004-0045.json index 390a4f5eefc..95fea8ba46a 100644 --- a/2004/0xxx/CVE-2004-0045.json +++ b/2004/0xxx/CVE-2004-0045.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040107 [SECURITY] INN: Buffer overflow in control message handling", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html" - }, - { - "name" : "SSA:2004-014-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.365791" - }, - { - "name" : "20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html" - }, - { - "name" : "VU#759020", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/759020" - }, - { - "name" : "9382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9382" - }, - { - "name" : "10578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10578" - }, - { - "name" : "inn-artpost-control-message-bo(14190)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html" + }, + { + "name": "VU#759020", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/759020" + }, + { + "name": "9382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9382" + }, + { + "name": "inn-artpost-control-message-bo(14190)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14190" + }, + { + "name": "SSA:2004-014-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.365791" + }, + { + "name": "10578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10578" + }, + { + "name": "20040107 [SECURITY] INN: Buffer overflow in control message handling", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0243.json b/2004/0xxx/CVE-2004-0243.json index 086d653ccd0..063d4259466 100644 --- a/2004/0xxx/CVE-2004-0243.json +++ b/2004/0xxx/CVE-2004-0243.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040203 Re: sqwebmail web login", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107583269206044&w=2" - }, - { - "name" : "20040206 AIX password enumeration possible", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0313.html" - }, - { - "name" : "aix-password-enumeration(15172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040206 AIX password enumeration possible", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0313.html" + }, + { + "name": "20040203 Re: sqwebmail web login", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107583269206044&w=2" + }, + { + "name": "aix-password-enumeration(15172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15172" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1053.json b/2004/1xxx/CVE-2004-1053.json index 8d88166be00..8e769537885 100644 --- a/2004/1xxx/CVE-2004-1053.json +++ b/2004/1xxx/CVE-2004-1053.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-04:16", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc" - }, - { - "name" : "11702", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11702" - }, - { - "name" : "fetch-http-header-bo(18160)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11702" + }, + { + "name": "fetch-http-header-bo(18160)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18160" + }, + { + "name": "FreeBSD-SA-04:16", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1149.json b/2004/1xxx/CVE-2004-1149.json index 1eaa2b58164..ce3aa1c7e42 100644 --- a/2004/1xxx/CVE-2004-1149.json +++ b/2004/1xxx/CVE-2004-1149.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041215 Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=164" - }, - { - "name" : "http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter", - "refsource" : "CONFIRM", - "url" : "http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter" - }, - { - "name" : "etrust-antivirus-insecure-permissions(18502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "etrust-antivirus-insecure-permissions(18502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18502" + }, + { + "name": "20041215 Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=164" + }, + { + "name": "http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter", + "refsource": "CONFIRM", + "url": "http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1596.json b/2004/1xxx/CVE-2004-1596.json index 29c4b181275..ad5df7becd7 100644 --- a/2004/1xxx/CVE-2004-1596.json +++ b/2004/1xxx/CVE-2004-1596.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041013 3COM Wireless router (3CRADSL72) information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109778914829901&w=2" - }, - { - "name" : "20041015 More details on BID 11408 (3com 3cradsl72 wireless router)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/378551" - }, - { - "name" : "20041015 Re: 3COM Wireless router (3CRADSL72) information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109810854031673&w=2" - }, - { - "name" : "11408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11408" - }, - { - "name" : "3com-officeconnect-obtain-info(17723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3com-officeconnect-obtain-info(17723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17723" + }, + { + "name": "20041015 Re: 3COM Wireless router (3CRADSL72) information disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109810854031673&w=2" + }, + { + "name": "11408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11408" + }, + { + "name": "20041013 3COM Wireless router (3CRADSL72) information disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109778914829901&w=2" + }, + { + "name": "20041015 More details on BID 11408 (3com 3cradsl72 wireless router)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/378551" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1932.json b/2004/1xxx/CVE-2004-1932.json index 36d3a106536..59c7ea5b81d 100644 --- a/2004/1xxx/CVE-2004-1932.json +++ b/2004/1xxx/CVE-2004-1932.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040412 [waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108180334918576&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=18", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=18" - }, - { - "name" : "phpnuke-admin-bypass-authentication(15835)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpnuke-admin-bypass-authentication(15835)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15835" + }, + { + "name": "20040412 [waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108180334918576&w=2" + }, + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=18", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=18" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3117.json b/2008/3xxx/CVE-2008-3117.json index 0376e762f88..5c73156052f 100644 --- a/2008/3xxx/CVE-2008-3117.json +++ b/2008/3xxx/CVE-2008-3117.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in update_profile.php in PHPmotion 2.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of (1) image/gif, (2) image/jpeg, or (3) image/pjpeg, then accessing it via a direct request to the file under pictures/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5938", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5938" - }, - { - "name" : "29949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29949" - }, - { - "name" : "phpmotion-updateprofile-file-upload(43375)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in update_profile.php in PHPmotion 2.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of (1) image/gif, (2) image/jpeg, or (3) image/pjpeg, then accessing it via a direct request to the file under pictures/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5938", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5938" + }, + { + "name": "29949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29949" + }, + { + "name": "phpmotion-updateprofile-file-upload(43375)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43375" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3346.json b/2008/3xxx/CVE-2008-3346.json index 96ce0d39716..3af6caddc55 100644 --- a/2008/3xxx/CVE-2008-3346.json +++ b/2008/3xxx/CVE-2008-3346.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6114", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6114" - }, - { - "name" : "30337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30337" - }, - { - "name" : "ADV-2008-2161", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2161/references" - }, - { - "name" : "31156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31156" - }, - { - "name" : "4045", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4045" - }, - { - "name" : "shopcartdx-productdetail-sql-injection(43945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31156" + }, + { + "name": "6114", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6114" + }, + { + "name": "ADV-2008-2161", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2161/references" + }, + { + "name": "4045", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4045" + }, + { + "name": "30337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30337" + }, + { + "name": "shopcartdx-productdetail-sql-injection(43945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43945" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4050.json b/2008/4xxx/CVE-2008-4050.json index 0858ee1ed30..8772dcd4281 100644 --- a/2008/4xxx/CVE-2008-4050.json +++ b/2008/4xxx/CVE-2008-4050.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6334", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6334" - }, - { - "name" : "30939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30939" - }, - { - "name" : "30940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30940" - }, - { - "name" : "31644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31644" - }, - { - "name" : "4244", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4244" - }, - { - "name" : "friendly-registryvalue-info-disclosure(44787)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6334", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6334" + }, + { + "name": "30939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30939" + }, + { + "name": "31644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31644" + }, + { + "name": "friendly-registryvalue-info-disclosure(44787)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44787" + }, + { + "name": "4244", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4244" + }, + { + "name": "30940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30940" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4252.json b/2008/4xxx/CVE-2008-4252.json index 101330b3cae..96da69b87f2 100644 --- a/2008/4xxx/CVE-2008-4252.json +++ b/2008/4xxx/CVE-2008-4252.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the \"system state,\" aka \"DataGrid Control Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-4252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm" - }, - { - "name" : "MS08-070", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070" - }, - { - "name" : "TA08-344A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" - }, - { - "name" : "32591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32591" - }, - { - "name" : "oval:org.mitre.oval:def:5894", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5894" - }, - { - "name" : "ADV-2008-3382", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3382" - }, - { - "name" : "1021369", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the \"system state,\" aka \"DataGrid Control Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3382", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3382" + }, + { + "name": "1021369", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021369" + }, + { + "name": "MS08-070", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070" + }, + { + "name": "32591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32591" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm" + }, + { + "name": "TA08-344A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" + }, + { + "name": "oval:org.mitre.oval:def:5894", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5894" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4921.json b/2008/4xxx/CVE-2008-4921.json index bd984f7ad7d..b9a4caad3af 100644 --- a/2008/4xxx/CVE-2008-4921.json +++ b/2008/4xxx/CVE-2008-4921.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6959", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6959" - }, - { - "name" : "49494", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49494" - }, - { - "name" : "32476", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32476" - }, - { - "name" : "4559", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4559" - }, - { - "name" : "chipmunkcms-reguser-security-bypass(46259)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chipmunkcms-reguser-security-bypass(46259)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46259" + }, + { + "name": "4559", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4559" + }, + { + "name": "49494", + "refsource": "OSVDB", + "url": "http://osvdb.org/49494" + }, + { + "name": "32476", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32476" + }, + { + "name": "6959", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6959" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6310.json b/2008/6xxx/CVE-2008-6310.json index d085aa2c4f6..834d95b381a 100644 --- a/2008/6xxx/CVE-2008-6310.json +++ b/2008/6xxx/CVE-2008-6310.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7163", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7163" - }, - { - "name" : "32365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32365" - }, - { - "name" : "32783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32783" - }, - { - "name" : "ADV-2008-3217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3217" - }, - { - "name" : "revsense-index-sql-injection(46733)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32783" + }, + { + "name": "32365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32365" + }, + { + "name": "7163", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7163" + }, + { + "name": "ADV-2008-3217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3217" + }, + { + "name": "revsense-index-sql-injection(46733)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46733" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6693.json b/2008/6xxx/CVE-2008-6693.json index 996aca041fa..d9e1e69eb9c 100644 --- a/2008/6xxx/CVE-2008-6693.json +++ b/2008/6xxx/CVE-2008-6693.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/" - }, - { - "name" : "29825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29825" - }, - { - "name" : "46390", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46390" - }, - { - "name" : "30737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30737" - }, - { - "name" : "sbdownloader-unspecified-sql-injection(43208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46390", + "refsource": "OSVDB", + "url": "http://osvdb.org/46390" + }, + { + "name": "30737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30737" + }, + { + "name": "29825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29825" + }, + { + "name": "sbdownloader-unspecified-sql-injection(43208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43208" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6988.json b/2008/6xxx/CVE-2008-6988.json index 0bf6f9a1495..c95130b88bb 100644 --- a/2008/6xxx/CVE-2008-6988.json +++ b/2008/6xxx/CVE-2008-6988.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080910 Ezphotogallery 2.1 Multiple Vulnerabilities ( Xss/Login Bypass/Sql injection Exploit/File Disclosure)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496220/100/0/threaded" - }, - { - "name" : "6428", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6428" - }, - { - "name" : "48316", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/48316" - }, - { - "name" : "48313", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/48313" - }, - { - "name" : "48314", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/48314" - }, - { - "name" : "31774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31774" - }, - { - "name" : "easyphotogallery-gallery-show-xss(45050)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31774" + }, + { + "name": "48316", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/48316" + }, + { + "name": "6428", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6428" + }, + { + "name": "48313", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/48313" + }, + { + "name": "20080910 Ezphotogallery 2.1 Multiple Vulnerabilities ( Xss/Login Bypass/Sql injection Exploit/File Disclosure)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496220/100/0/threaded" + }, + { + "name": "48314", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/48314" + }, + { + "name": "easyphotogallery-gallery-show-xss(45050)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45050" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7041.json b/2008/7xxx/CVE-2008-7041.json index 0f6de6a5f9c..6ac485d6704 100644 --- a/2008/7xxx/CVE-2008-7041.json +++ b/2008/7xxx/CVE-2008-7041.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7089", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7089" - }, - { - "name" : "32256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32256" - }, - { - "name" : "ajclassifieds-admin-security-bypass(46547)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ajclassifieds-admin-security-bypass(46547)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46547" + }, + { + "name": "32256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32256" + }, + { + "name": "7089", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7089" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7066.json b/2008/7xxx/CVE-2008-7066.json index 5a3d7c217ff..80645601674 100644 --- a/2008/7xxx/CVE-2008-7066.json +++ b/2008/7xxx/CVE-2008-7066.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7291", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7291" - }, - { - "name" : "32536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32536" - }, - { - "name" : "openforum-profile-security-bypass(46969)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32536" + }, + { + "name": "7291", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7291" + }, + { + "name": "openforum-profile-security-bypass(46969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46969" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2753.json b/2013/2xxx/CVE-2013-2753.json index 0af003f82b7..620fe33d231 100644 --- a/2013/2xxx/CVE-2013-2753.json +++ b/2013/2xxx/CVE-2013-2753.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2753", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2753", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2879.json b/2013/2xxx/CVE-2013-2879.json index a058de777b6..fa1b93d2dcb 100644 --- a/2013/2xxx/CVE-2013-2879.json +++ b/2013/2xxx/CVE-2013-2879.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=8a8eb83276778c9fbcf9ebcd4436077269b73074", - "refsource" : "CONFIRM", - "url" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=8a8eb83276778c9fbcf9ebcd4436077269b73074" - }, - { - "name" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=f0aa298677a1afb9a40b36e32bc9c4d9b4861eac", - "refsource" : "CONFIRM", - "url" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=f0aa298677a1afb9a40b36e32bc9c4d9b4861eac" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=252062", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=252062" - }, - { - "name" : "DSA-2724", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2724" - }, - { - "name" : "oval:org.mitre.oval:def:17177", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=8a8eb83276778c9fbcf9ebcd4436077269b73074", + "refsource": "CONFIRM", + "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=8a8eb83276778c9fbcf9ebcd4436077269b73074" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=252062", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=252062" + }, + { + "name": "DSA-2724", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2724" + }, + { + "name": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=f0aa298677a1afb9a40b36e32bc9c4d9b4861eac", + "refsource": "CONFIRM", + "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=f0aa298677a1afb9a40b36e32bc9c4d9b4861eac" + }, + { + "name": "oval:org.mitre.oval:def:17177", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17177" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2919.json b/2013/2xxx/CVE-2013-2919.json index ba25cbfd845..a5017f5803d 100644 --- a/2013/2xxx/CVE-2013-2919.json +++ b/2013/2xxx/CVE-2013-2919.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=282736", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=282736" - }, - { - "name" : "DSA-2785", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2785" - }, - { - "name" : "openSUSE-SU-2013:1556", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2013:1861", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:0065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" - }, - { - "name" : "oval:org.mitre.oval:def:18840", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=282736", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=282736" + }, + { + "name": "openSUSE-SU-2014:0065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" + }, + { + "name": "DSA-2785", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2785" + }, + { + "name": "openSUSE-SU-2013:1556", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:18840", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18840" + }, + { + "name": "openSUSE-SU-2013:1861", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6368.json b/2013/6xxx/CVE-2013-6368.json index ea7033f1909..a8554e24036 100644 --- a/2013/6xxx/CVE-2013-6368.json +++ b/2013/6xxx/CVE-2013-6368.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131212 Re: [vs-plain] kvm issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/12/12" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fda4e2e85589191b123d31cdc21fd33ee70f50fd", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fda4e2e85589191b123d31cdc21fd33ee70f50fd" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1032210", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1032210" - }, - { - "name" : "https://github.com/torvalds/linux/commit/fda4e2e85589191b123d31cdc21fd33ee70f50fd", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/fda4e2e85589191b123d31cdc21fd33ee70f50fd" - }, - { - "name" : "RHSA-2014:0163", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0163.html" - }, - { - "name" : "RHSA-2014:0284", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0284.html" - }, - { - "name" : "RHSA-2013:1801", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1801.html" - }, - { - "name" : "openSUSE-SU-2014:0205", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html" - }, - { - "name" : "openSUSE-SU-2014:0247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html" - }, - { - "name" : "openSUSE-SU-2014:0204", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" - }, - { - "name" : "USN-2113-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2113-1" - }, - { - "name" : "USN-2117-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2117-1" - }, - { - "name" : "USN-2133-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2133-1" - }, - { - "name" : "USN-2134-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2134-1" - }, - { - "name" : "USN-2135-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2135-1" - }, - { - "name" : "USN-2136-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2136-1" - }, - { - "name" : "USN-2138-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2138-1" - }, - { - "name" : "USN-2139-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2139-1" - }, - { - "name" : "USN-2141-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2141-1" - }, - { - "name" : "64291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2135-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2135-1" + }, + { + "name": "openSUSE-SU-2014:0247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html" + }, + { + "name": "USN-2138-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2138-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/fda4e2e85589191b123d31cdc21fd33ee70f50fd", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/fda4e2e85589191b123d31cdc21fd33ee70f50fd" + }, + { + "name": "USN-2113-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2113-1" + }, + { + "name": "USN-2141-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2141-1" + }, + { + "name": "[oss-security] 20131212 Re: [vs-plain] kvm issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/12/12" + }, + { + "name": "64291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64291" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fda4e2e85589191b123d31cdc21fd33ee70f50fd", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fda4e2e85589191b123d31cdc21fd33ee70f50fd" + }, + { + "name": "USN-2136-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2136-1" + }, + { + "name": "USN-2139-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2139-1" + }, + { + "name": "USN-2134-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2134-1" + }, + { + "name": "USN-2117-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2117-1" + }, + { + "name": "RHSA-2013:1801", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1801.html" + }, + { + "name": "USN-2133-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2133-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1032210", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032210" + }, + { + "name": "RHSA-2014:0284", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0284.html" + }, + { + "name": "RHSA-2014:0163", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0163.html" + }, + { + "name": "openSUSE-SU-2014:0204", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" + }, + { + "name": "openSUSE-SU-2014:0205", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6400.json b/2013/6xxx/CVE-2013-6400.json index 538d76a6ff9..7a3ef5b5c00 100644 --- a/2013/6xxx/CVE-2013-6400.json +++ b/2013/6xxx/CVE-2013-6400.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-announce] 20131210 Xen Security Advisory 80 (CVE-2013-6400) - IOMMU TLB flushing may be inadvertently suppressed", - "refsource" : "MLIST", - "url" : "http://lists.xen.org/archives/html/xen-announce/2013-12/msg00002.html" - }, - { - "name" : "[oss-security] 20131210 Xen Security Advisory 80 (CVE-2013-6400) - IOMMU TLB flushing may be inadvertently suppressed", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/10/7" - }, - { - "name" : "FEDORA-2013-23457", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125111.html" - }, - { - "name" : "FEDORA-2013-23466", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125081.html" - }, - { - "name" : "GLSA-201407-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml" - }, - { - "name" : "SUSE-SU-2014:0373", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" - }, - { - "name" : "1029468", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029468" - }, - { - "name" : "55932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55932" + }, + { + "name": "1029468", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029468" + }, + { + "name": "SUSE-SU-2014:0373", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" + }, + { + "name": "FEDORA-2013-23466", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125081.html" + }, + { + "name": "GLSA-201407-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml" + }, + { + "name": "FEDORA-2013-23457", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125111.html" + }, + { + "name": "[Xen-announce] 20131210 Xen Security Advisory 80 (CVE-2013-6400) - IOMMU TLB flushing may be inadvertently suppressed", + "refsource": "MLIST", + "url": "http://lists.xen.org/archives/html/xen-announce/2013-12/msg00002.html" + }, + { + "name": "[oss-security] 20131210 Xen Security Advisory 80 (CVE-2013-6400) - IOMMU TLB flushing may be inadvertently suppressed", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/10/7" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6423.json b/2013/6xxx/CVE-2013-6423.json index bb7a64932ac..e43b8f28e6d 100644 --- a/2013/6xxx/CVE-2013-6423.json +++ b/2013/6xxx/CVE-2013-6423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6423", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6423", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6745.json b/2013/6xxx/CVE-2013-6745.json index bb6c29b6f85..e8a010ca7ad 100644 --- a/2013/6xxx/CVE-2013-6745.json +++ b/2013/6xxx/CVE-2013-6745.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660569", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660569" - }, - { - "name" : "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_security_access_manager_for_enterprise_single_sign_on_cross_site_scripting_vulnerability_cve_2013_6745?lang=en_us", - "refsource" : "CONFIRM", - "url" : "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_security_access_manager_for_enterprise_single_sign_on_cross_site_scripting_vulnerability_cve_2013_6745?lang=en_us" - }, - { - "name" : "64475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64475" - }, - { - "name" : "ibm-sam-cve20136745-xss(89861)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64475" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660569", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660569" + }, + { + "name": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_security_access_manager_for_enterprise_single_sign_on_cross_site_scripting_vulnerability_cve_2013_6745?lang=en_us", + "refsource": "CONFIRM", + "url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_security_access_manager_for_enterprise_single_sign_on_cross_site_scripting_vulnerability_cve_2013_6745?lang=en_us" + }, + { + "name": "ibm-sam-cve20136745-xss(89861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89861" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10142.json b/2017/10xxx/CVE-2017-10142.json index 415e61e3e34..fb14ba2081b 100644 --- a/2017/10xxx/CVE-2017-10142.json +++ b/2017/10xxx/CVE-2017-10142.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Reporting and Analytics", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.1" - }, - { - "version_affected" : "=", - "version_value" : "9.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Mobile Apps). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.1" + }, + { + "version_affected": "=", + "version_value": "9.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99710" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Mobile Apps). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "99710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99710" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11055.json b/2017/11xxx/CVE-2017-11055.json index 769da0766ca..a4419587ba3 100644 --- a/2017/11xxx/CVE-2017-11055.json +++ b/2017/11xxx/CVE-2017-11055.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-11055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a buffer over-read can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-11055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" - }, - { - "name" : "101160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a buffer over-read can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" + }, + { + "name": "101160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101160" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11090.json b/2017/11xxx/CVE-2017-11090.json index a14140e27ef..034be200909 100644 --- a/2017/11xxx/CVE-2017-11090.json +++ b/2017/11xxx/CVE-2017-11090.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-11-01T00:00:00", - "ID" : "CVE-2017-11090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN bytes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-11-01T00:00:00", + "ID": "CVE-2017-11090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN bytes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11859.json b/2017/11xxx/CVE-2017-11859.json index 4db8eca8932..156eea8b3aa 100644 --- a/2017/11xxx/CVE-2017-11859.json +++ b/2017/11xxx/CVE-2017-11859.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11859", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11859", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14148.json b/2017/14xxx/CVE-2017-14148.json index 2aad4539dae..7c863ac294c 100644 --- a/2017/14xxx/CVE-2017-14148.json +++ b/2017/14xxx/CVE-2017-14148.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14148", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14148", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14297.json b/2017/14xxx/CVE-2017-14297.json index eb0a8acb101..6098dc973a1 100644 --- a/2017/14xxx/CVE-2017-14297.json +++ b/2017/14xxx/CVE-2017-14297.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14297", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14297", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14297" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14617.json b/2017/14xxx/CVE-2017-14617.json index 1dcf9ef8fcf..fa71ce41387 100644 --- a/2017/14xxx/CVE-2017-14617.json +++ b/2017/14xxx/CVE-2017-14617.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=102854", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=102854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=102854", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=102854" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14647.json b/2017/14xxx/CVE-2017-14647.json index 79f992fa6e3..6be75504e07 100644 --- a/2017/14xxx/CVE-2017-14647.json +++ b/2017/14xxx/CVE-2017-14647.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/09/14/bento4-stack-based-buffer-overflow-in-ap4_visualsampleentryreadfields-ap4sampleentry-cpp/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/09/14/bento4-stack-based-buffer-overflow-in-ap4_visualsampleentryreadfields-ap4sampleentry-cpp/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/09/14/bento4-stack-based-buffer-overflow-in-ap4_visualsampleentryreadfields-ap4sampleentry-cpp/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/09/14/bento4-stack-based-buffer-overflow-in-ap4_visualsampleentryreadfields-ap4sampleentry-cpp/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14712.json b/2017/14xxx/CVE-2017-14712.json index 42064eb6007..81d93c57566 100644 --- a/2017/14xxx/CVE-2017-14712.json +++ b/2017/14xxx/CVE-2017-14712.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42950", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42950/" - }, - { - "name" : "https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830", - "refsource" : "MISC", - "url" : "https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830", + "refsource": "MISC", + "url": "https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830" + }, + { + "name": "42950", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42950/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15253.json b/2017/15xxx/CVE-2017-15253.json index ee05a79fdb6..3271cdc1878 100644 --- a/2017/15xxx/CVE-2017-15253.json +++ b/2017/15xxx/CVE-2017-15253.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15253", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15253", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15253" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15275.json b/2017/15xxx/CVE-2017-15275.json index 601d154f712..4152656ab2f 100644 --- a/2017/15xxx/CVE-2017-15275.json +++ b/2017/15xxx/CVE-2017-15275.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171121 [SECURITY] [DLA 1183-1] samba security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00029.html" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2017-15275.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2017-15275.html" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_17_72_Samba", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_17_72_Samba" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us" - }, - { - "name" : "DSA-4043", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4043" - }, - { - "name" : "GLSA-201805-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-07" - }, - { - "name" : "RHSA-2017:3260", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3260" - }, - { - "name" : "RHSA-2017:3261", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3261" - }, - { - "name" : "RHSA-2017:3278", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3278" - }, - { - "name" : "USN-3486-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3486-1" - }, - { - "name" : "USN-3486-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3486-2" - }, - { - "name" : "101908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101908" - }, - { - "name" : "1039855", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3278", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3278" + }, + { + "name": "USN-3486-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3486-2" + }, + { + "name": "DSA-4043", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4043" + }, + { + "name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1183-1] samba security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00029.html" + }, + { + "name": "RHSA-2017:3260", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3260" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2017-15275.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2017-15275.html" + }, + { + "name": "RHSA-2017:3261", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3261" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us" + }, + { + "name": "GLSA-201805-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-07" + }, + { + "name": "USN-3486-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3486-1" + }, + { + "name": "1039855", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039855" + }, + { + "name": "101908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101908" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_17_72_Samba", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_17_72_Samba" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15292.json b/2017/15xxx/CVE-2017-15292.json index 50795da0892..413e010a0e7 100644 --- a/2017/15xxx/CVE-2017-15292.json +++ b/2017/15xxx/CVE-2017-15292.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15292", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15292", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15307.json b/2017/15xxx/CVE-2017-15307.json index b077024f45a..4e8536e10bf 100644 --- a/2017/15xxx/CVE-2017-15307.json +++ b/2017/15xxx/CVE-2017-15307.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-10-30T00:00:00", - "ID" : "CVE-2017-15307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Honor 8", - "version" : { - "version_data" : [ - { - "version_value" : "earlier than FRD-L04C567B389" - }, - { - "version_value" : "earlier than FRD-L14C567B389" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Permission Control" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-10-30T00:00:00", + "ID": "CVE-2017-15307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Honor 8", + "version": { + "version_data": [ + { + "version_value": "earlier than FRD-L04C567B389" + }, + { + "version_value": "earlier than FRD-L14C567B389" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171030-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171030-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permission Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171030-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171030-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15502.json b/2017/15xxx/CVE-2017-15502.json index c8365097d25..b767cf94ddb 100644 --- a/2017/15xxx/CVE-2017-15502.json +++ b/2017/15xxx/CVE-2017-15502.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15502", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15502", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15614.json b/2017/15xxx/CVE-2017-15614.json index d401908281b..82d9aa07ac9 100644 --- a/2017/15xxx/CVE-2017-15614.json +++ b/2017/15xxx/CVE-2017-15614.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded" - }, - { - "name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", - "refsource" : "MISC", - "url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", + "refsource": "MISC", + "url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" + }, + { + "name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9220.json b/2017/9xxx/CVE-2017-9220.json index c4731be381f..4caea7579d9 100644 --- a/2017/9xxx/CVE-2017-9220.json +++ b/2017/9xxx/CVE-2017-9220.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jun/32", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jun/32" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jun/32", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jun/32" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9833.json b/2017/9xxx/CVE-2017-9833.json index 10bcea81896..f42ae8395d9 100644 --- a/2017/9xxx/CVE-2017-9833.json +++ b/2017/9xxx/CVE-2017-9833.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of \"../..\" using the FILECAMERA variable (sent by GET) to read files with root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42290", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42290/" - }, - { - "name" : "https://pastebin.com/raw/rt7LJvyF", - "refsource" : "MISC", - "url" : "https://pastebin.com/raw/rt7LJvyF" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of \"../..\" using the FILECAMERA variable (sent by GET) to read files with root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pastebin.com/raw/rt7LJvyF", + "refsource": "MISC", + "url": "https://pastebin.com/raw/rt7LJvyF" + }, + { + "name": "42290", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42290/" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0239.json b/2018/0xxx/CVE-2018-0239.json index 18a7a1466eb..51d94dd56de 100644 --- a/2018/0xxx/CVE-2018-0239.json +++ b/2018/0xxx/CVE-2018-0239.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco StarOS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco StarOS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic. This vulnerability affects the following Cisco products when they are running the StarOS operating system and a virtual interface card is installed on the device: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software, Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco StarOS", + "version": { + "version_data": [ + { + "version_value": "Cisco StarOS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros" - }, - { - "name" : "103923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103923" - }, - { - "name" : "1040720", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic. This vulnerability affects the following Cisco products when they are running the StarOS operating system and a virtual interface card is installed on the device: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software, Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros" + }, + { + "name": "103923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103923" + }, + { + "name": "1040720", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040720" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0959.json b/2018/0xxx/CVE-2018-0959.json index 9d7bc230a43..52f4c51fe87 100644 --- a/2018/0xxx/CVE-2018-0959.json +++ b/2018/0xxx/CVE-2018-0959.json @@ -1,183 +1,183 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-0959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0959", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0959" - }, - { - "name" : "104031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104031" - }, - { - "name" : "1040843", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040843", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040843" + }, + { + "name": "104031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104031" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0959", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0959" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0981.json b/2018/0xxx/CVE-2018-0981.json index cdab2f07b98..12e29998b16 100644 --- a/2018/0xxx/CVE-2018-0981.json +++ b/2018/0xxx/CVE-2018-0981.json @@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-0981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 9", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1511 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1511 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Information Disclosure Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0987, CVE-2018-0989, CVE-2018-1000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1511 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1511 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0981", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0981" - }, - { - "name" : "103621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103621" - }, - { - "name" : "1040653", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Information Disclosure Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0987, CVE-2018-0989, CVE-2018-1000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040653", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040653" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0981", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0981" + }, + { + "name": "103621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103621" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000057.json b/2018/1000xxx/CVE-2018-1000057.json index 9bb9202dbc9..91380050428 100644 --- a/2018/1000xxx/CVE-2018-1000057.json +++ b/2018/1000xxx/CVE-2018-1000057.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/5/2018 0:00:00", - "ID" : "CVE-2018-1000057", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Credentials Binding Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.14 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Plaintext Storage of a Password" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/5/2018 0:00:00", + "ID": "CVE-2018-1000057", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-02-05/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-02-05/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-02-05/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-02-05/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000541.json b/2018/1000xxx/CVE-2018-1000541.json index f17edfe64b0..81514c76b5e 100644 --- a/2018/1000xxx/CVE-2018-1000541.json +++ b/2018/1000xxx/CVE-2018-1000541.json @@ -1,19 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2018-06-21", - "ID" : "CVE-2018-1000541", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10362. Reason: This candidate is a reservation duplicate of CVE-2018-10362. Notes: All CVE users should reference CVE-2018-10362 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1000541", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10362. Reason: This candidate is a reservation duplicate of CVE-2018-10362. Notes: All CVE users should reference CVE-2018-10362 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000662.json b/2018/1000xxx/CVE-2018-1000662.json index a231864eec8..35d3bb2475a 100644 --- a/2018/1000xxx/CVE-2018-1000662.json +++ b/2018/1000xxx/CVE-2018-1000662.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1000662", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was inadvertently assigned by a different CNA at a time when the discoverer was communicating with the specific \"Vendors and Projects\" CNA for the product in question." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1000662", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was inadvertently assigned by a different CNA at a time when the discoverer was communicating with the specific \"Vendors and Projects\" CNA for the product in question." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12900.json b/2018/12xxx/CVE-2018-12900.json index 943dd8e391e..7f6d66eb068 100644 --- a/2018/12xxx/CVE-2018-12900.json +++ b/2018/12xxx/CVE-2018-12900.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2798", - "refsource" : "MISC", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2798" - }, - { - "name" : "USN-3906-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3906-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2798", + "refsource": "MISC", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2798" + }, + { + "name": "USN-3906-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3906-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12985.json b/2018/12xxx/CVE-2018-12985.json index da002a7953c..3e13890bcc0 100644 --- a/2018/12xxx/CVE-2018-12985.json +++ b/2018/12xxx/CVE-2018-12985.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12985", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12985", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16143.json b/2018/16xxx/CVE-2018-16143.json index 97c8e3f2a40..a21f8504934 100644 --- a/2018/16xxx/CVE-2018-16143.json +++ b/2018/16xxx/CVE-2018-16143.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16143", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16143", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16234.json b/2018/16xxx/CVE-2018-16234.json index 97544f8b764..a392a15f80d 100644 --- a/2018/16xxx/CVE-2018-16234.json +++ b/2018/16xxx/CVE-2018-16234.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MorningStar WhatWeb 0.4.9 has XSS via JSON report files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/urbanadventurer/WhatWeb/issues/261", - "refsource" : "MISC", - "url" : "https://github.com/urbanadventurer/WhatWeb/issues/261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MorningStar WhatWeb 0.4.9 has XSS via JSON report files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/urbanadventurer/WhatWeb/issues/261", + "refsource": "MISC", + "url": "https://github.com/urbanadventurer/WhatWeb/issues/261" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16327.json b/2018/16xxx/CVE-2018-16327.json index 7be07d5a84d..85d15bb3bab 100644 --- a/2018/16xxx/CVE-2018-16327.json +++ b/2018/16xxx/CVE-2018-16327.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/intelliants/subrion/issues/771", - "refsource" : "MISC", - "url" : "https://github.com/intelliants/subrion/issues/771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/intelliants/subrion/issues/771", + "refsource": "MISC", + "url": "https://github.com/intelliants/subrion/issues/771" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16549.json b/2018/16xxx/CVE-2018-16549.json index fcb9a60457a..aa88219f7bf 100644 --- a/2018/16xxx/CVE-2018-16549.json +++ b/2018/16xxx/CVE-2018-16549.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/149204", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/149204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/149204", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/149204" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16578.json b/2018/16xxx/CVE-2018-16578.json index 15a37eb4431..da8645dd8d3 100644 --- a/2018/16xxx/CVE-2018-16578.json +++ b/2018/16xxx/CVE-2018-16578.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16578", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16578", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20218.json b/2018/20xxx/CVE-2018-20218.json index 562457c6c8a..44cce390f51 100644 --- a/2018/20xxx/CVE-2018-20218.json +++ b/2018/20xxx/CVE-2018-20218.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20218", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the \"password\" parameter in the login form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://seclists.org/fulldisclosure/2019/Feb/48", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Feb/48" + }, + { + "url": "https://zxsecurity.co.nz/research.html", + "refsource": "MISC", + "name": "https://zxsecurity.co.nz/research.html" } ] } diff --git a/2018/4xxx/CVE-2018-4290.json b/2018/4xxx/CVE-2018-4290.json index 76c032c5fa6..d9570fab9c4 100644 --- a/2018/4xxx/CVE-2018-4290.json +++ b/2018/4xxx/CVE-2018-4290.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4290", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4290", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4295.json b/2018/4xxx/CVE-2018-4295.json index a80cf25a5c1..b785f5f78bf 100644 --- a/2018/4xxx/CVE-2018-4295.json +++ b/2018/4xxx/CVE-2018-4295.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4295", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4295", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4484.json b/2018/4xxx/CVE-2018-4484.json index 42d80259828..9ed2587fa39 100644 --- a/2018/4xxx/CVE-2018-4484.json +++ b/2018/4xxx/CVE-2018-4484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4484", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4484", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4649.json b/2018/4xxx/CVE-2018-4649.json index 2b6c65d4fbe..e0c96378e5f 100644 --- a/2018/4xxx/CVE-2018-4649.json +++ b/2018/4xxx/CVE-2018-4649.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4649", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4649", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file