diff --git a/2001/0xxx/CVE-2001-0101.json b/2001/0xxx/CVE-2001-0101.json index ec5dc229412..9d67151d9d4 100644 --- a/2001/0xxx/CVE-2001-0101.json +++ b/2001/0xxx/CVE-2001-0101.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "TLSA2000024-1", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/pipermail/tl-security-announce/2000-December/000027.html" - }, - { - "name" : "RHBA-2000:106-04", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHBA-2000-106.html" - }, - { - "name" : "fetchmail-authenticate-gssapi(7455)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TLSA2000024-1", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-December/000027.html" + }, + { + "name": "RHBA-2000:106-04", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHBA-2000-106.html" + }, + { + "name": "fetchmail-authenticate-gssapi(7455)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7455" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0120.json b/2001/0xxx/CVE-2001-0120.json index 777451cb0c8..f5c3aa64a43 100644 --- a/2001/0xxx/CVE-2001-0120.json +++ b/2001/0xxx/CVE-2001-0120.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010110 Immunix OS Security update for lots of temp file problems", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97916374410647&w=2" - }, - { - "name" : "MDKSA-2001:007", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-007.php3" - }, - { - "name" : "2196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2196" - }, - { - "name" : "shadow-utils-useradd-symlink(5927)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "useradd program in shadow-utils program may allow local users to overwrite arbitrary 
files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010110 Immunix OS Security update for lots of temp file problems", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97916374410647&w=2" + }, + { + "name": "shadow-utils-useradd-symlink(5927)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5927" + }, + { + "name": "MDKSA-2001:007", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-007.php3" + }, + { + "name": "2196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2196" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0170.json b/2001/0xxx/CVE-2001-0170.json index db9063995d0..8e344c18159 100644 --- a/2001/0xxx/CVE-2001-0170.json +++ b/2001/0xxx/CVE-2001-0170.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010110 Glibc Local Root Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0131.html" - }, - { - "name" : "20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0186.html" - }, - { - "name" : "RHSA-2001:001", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-001.html" - }, - { - "name" : "2181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2181" - }, - { - "name" : "linux-glibc-read-files(5907)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/5907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-glibc-read-files(5907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5907" + }, + { + "name": "RHSA-2001:001", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-001.html" + }, + { + "name": "20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0186.html" + }, + { + "name": "20010110 Glibc Local Root Exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0131.html" + }, + { + "name": "2181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2181" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0121.json b/2008/0xxx/CVE-2008-0121.json index 8147cc3c7ba..6add17e918a 100644 --- a/2008/0xxx/CVE-2008-0121.json +++ b/2008/0xxx/CVE-2008-0121.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A \"memory calculation error\" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka \"Memory Calculation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-0121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080812 Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=738" - }, - { - "name" : "HPSBST02360", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "SSRT080117", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "MS08-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-051" - }, - { - "name" : "TA08-225A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA08-225A.html" - }, - { - "name" : "30554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30554" - }, - { - "name" : "oval:org.mitre.oval:def:5724", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5724" - }, - { - "name" : "ADV-2008-2355", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2355" - }, - { - "name" : "1020676", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020676" - }, - { - "name" : "31453", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A \"memory calculation error\" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka \"Memory Calculation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30554" + }, + { + "name": "TA08-225A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" + }, + { + "name": "HPSBST02360", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "SSRT080117", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "1020676", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020676" + }, + { + "name": "ADV-2008-2355", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2355" + }, + { + "name": "31453", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/31453" + }, + { + "name": "oval:org.mitre.oval:def:5724", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5724" + }, + { + "name": "MS08-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-051" + }, + { + "name": "20080812 Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=738" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0252.json b/2008/0xxx/CVE-2008-0252.json index 9a523ceabd1..f2bfc6e781a 100644 --- a/2008/0xxx/CVE-2008-0252.json +++ b/2008/0xxx/CVE-2008-0252.json 
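Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk for CVE-2008-0121, while everything else here and in the other hunks visible on this page is key-spacing normalisation and reordering of `reference_data` entries. A provenance change like this is easy to miss inside a bulk reformat, so it would be better split into its own commit or named in the commit message, so that consumers diffing the record can tell a metadata correction from formatting churn. The reference reordering follows no visible sort key (in this hunk BID, CERT, HP, … IDEFENSE), which suggests the serializer does not emit a stable order; sorting on `refsource` then `name` would keep later diffs small. The new side of each file also ends with `\ No newline at end of file`, where the old side had a trailing newline.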
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080124 rPSA-2008-0030-1 CherryPy", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487001/100/0/threaded" - }, - { - "name" : "http://www.cherrypy.org/changeset/1774", - "refsource" : "CONFIRM", - "url" : "http://www.cherrypy.org/changeset/1774" - }, - { - "name" : "http://www.cherrypy.org/changeset/1775", - "refsource" : "CONFIRM", - "url" : "http://www.cherrypy.org/changeset/1775" - }, - { - "name" : "http://www.cherrypy.org/changeset/1776", - "refsource" : "CONFIRM", - "url" : "http://www.cherrypy.org/changeset/1776" - 
}, - { - "name" : "http://www.cherrypy.org/ticket/744", - "refsource" : "CONFIRM", - "url" : "http://www.cherrypy.org/ticket/744" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=204829", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=204829" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2127", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2127" - }, - { - "name" : "DSA-1481", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1481" - }, - { - "name" : "FEDORA-2008-0299", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00240.html" - }, - { - "name" : "FEDORA-2008-0333", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00297.html" - }, - { - "name" : "GLSA-200801-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-11.xml" - }, - { - "name" : "27181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27181" - }, - { - "name" : "ADV-2008-0039", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0039" - }, - { - "name" : "28354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28354" - }, - { - "name" : "28611", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28611" - }, - { - "name" : "28620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28620" - }, - { - "name" : "28769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28769" - }, - { - "name" : "28353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the _get_file_path function in (1) 
lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cherrypy.org/changeset/1775", + "refsource": "CONFIRM", + "url": "http://www.cherrypy.org/changeset/1775" + }, + { + "name": "ADV-2008-0039", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0039" + }, + { + "name": "GLSA-200801-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-11.xml" + }, + { + "name": "27181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27181" + }, + { + "name": "DSA-1481", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1481" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=204829", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=204829" + }, + { + "name": "http://www.cherrypy.org/changeset/1776", + "refsource": "CONFIRM", + "url": "http://www.cherrypy.org/changeset/1776" + }, + { + "name": "http://www.cherrypy.org/changeset/1774", + "refsource": "CONFIRM", + "url": "http://www.cherrypy.org/changeset/1774" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2127", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2127" + }, + { + "name": "20080124 rPSA-2008-0030-1 CherryPy", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487001/100/0/threaded" + }, + { + "name": "FEDORA-2008-0333", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00297.html" + }, + { + "name": "28769", + "refsource": "SECUNIA", 
+ "url": "http://secunia.com/advisories/28769" + }, + { + "name": "http://www.cherrypy.org/ticket/744", + "refsource": "CONFIRM", + "url": "http://www.cherrypy.org/ticket/744" + }, + { + "name": "28353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28353" + }, + { + "name": "28611", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28611" + }, + { + "name": "28354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28354" + }, + { + "name": "28620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28620" + }, + { + "name": "FEDORA-2008-0299", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00240.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0327.json b/2008/0xxx/CVE-2008-0327.json index 762851072ed..599037818c4 100644 --- a/2008/0xxx/CVE-2008-0327.json +++ b/2008/0xxx/CVE-2008-0327.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4914", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4914" - }, - { - "name" : "27302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27302" - }, - { - "name" : "40330", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40330" - }, - { - "name" : "28566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28566" - }, - { - "name" : "fascriptfamp3-show-sql-injection(39714)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows 
remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4914", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4914" + }, + { + "name": "27302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27302" + }, + { + "name": "fascriptfamp3-show-sql-injection(39714)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39714" + }, + { + "name": "40330", + "refsource": "OSVDB", + "url": "http://osvdb.org/40330" + }, + { + "name": "28566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28566" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0979.json b/2008/0xxx/CVE-2008-0979.json index 7c324deed45..8972a5c6b0b 100644 --- a/2008/0xxx/CVE-2008-0979.json +++ b/2008/0xxx/CVE-2008-0979.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080222 Multiple vulnerabilities in Double-Take 5.0.0.2865", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488632/100/0/threaded" - }, - { - "name" : "http://aluigi.org/poc/doubletakedown.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/doubletakedown.zip" - }, - { - "name" : "http://aluigi.altervista.org/adv/doubletakedown-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/doubletakedown-adv.txt" - }, - { - "name" : "27951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27951" - }, - { - "name" : "ADV-2008-0666", - "refsource" : "VUPEN", 
- "url" : "http://www.vupen.com/english/advisories/2008/0666" - }, - { - "name" : "29075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29075" - }, - { - "name" : "3698", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0666", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0666" + }, + { + "name": "http://aluigi.altervista.org/adv/doubletakedown-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/doubletakedown-adv.txt" + }, + { + "name": "3698", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3698" + }, + { + "name": "27951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27951" + }, + { + "name": "http://aluigi.org/poc/doubletakedown.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/doubletakedown.zip" + }, + { + "name": "29075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29075" + }, + { + "name": "20080222 Multiple vulnerabilities in Double-Take 5.0.0.2865", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488632/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1142.json b/2008/1xxx/CVE-2008-1142.json index d5b3a0b6422..296d8a15370 100644 
--- a/2008/1xxx/CVE-2008-1142.json +++ b/2008/1xxx/CVE-2008-1142.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://article.gmane.org/gmane.comp.security.oss.general/122", - "refsource" : "MISC", - "url" : "http://article.gmane.org/gmane.comp.security.oss.general/122" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296" - }, - { - "name" : "GLSA-200805-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-03.xml" - }, - { - "name" : "MDVSA-2008:161", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:161" - }, - { - "name" : "MDVSA-2008:221", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221" - }, - { - "name" : "SUSE-SR:2008:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" - }, - { - "name" : "28512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28512" - }, - { - "name" : "29576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29576" - }, - { - "name" : "30224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30224" - }, - { - "name" : "30225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30225" - }, - { - "name" : "30226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30226" - }, - { - "name" : "30227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30227" - }, - { - "name" : "30229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30229" - }, - { - "name" : "31687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2008:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" + }, + { + "name": "http://article.gmane.org/gmane.comp.security.oss.general/122", + "refsource": "MISC", + "url": "http://article.gmane.org/gmane.comp.security.oss.general/122" + }, + { + "name": "30226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30226" + }, + { + "name": "28512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28512" + }, + { + "name": "30229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30229" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296" + }, + { + "name": "31687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31687" + }, + { + "name": "30225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30225" + }, + { + "name": "30227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30227" + }, + { + "name": "GLSA-200805-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml" + }, + { + "name": "30224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30224" + }, + { + "name": "MDVSA-2008:161", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161" + }, + { + "name": "MDVSA-2008:221", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221" + }, + { + "name": "29576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29576" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/1xxx/CVE-2008-1770.json b/2008/1xxx/CVE-2008-1770.json index e9319f1b4b6..e9aa2c50319 100644 --- a/2008/1xxx/CVE-2008-1770.json +++ b/2008/1xxx/CVE-2008-1770.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080604 Akamai Technologies Security Advisory 2008-0001 (Download Manager)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493077/100/0/threaded" - }, - { - "name" : "20080605 Akamai Download Manager File Downloaded To Arbitrary Location Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493142/100/0/threaded" - }, - { - "name" : "20080604 Akamai Technologies Security Advisory 2008-0001 (Download Manager)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062672.html" - }, - { - "name" : "5741", - "refsource" : "EXPLOIT-DB", - "url" : 
"https://www.exploit-db.com/exploits/5741" - }, - { - "name" : "ADV-2008-1746", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1746/references" - }, - { - "name" : "1020194", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020194" - }, - { - "name" : "30537", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30537" - }, - { - "name" : "downloadmanager-url-code-execution(42879)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5741", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5741" + }, + { + "name": "1020194", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020194" + }, + { + "name": "20080604 Akamai Technologies Security Advisory 2008-0001 (Download Manager)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493077/100/0/threaded" + }, + { + "name": "30537", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30537" + }, + { + "name": "downloadmanager-url-code-execution(42879)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42879" + }, + { + "name": "20080604 Akamai Technologies Security Advisory 2008-0001 (Download Manager)", + "refsource": "FULLDISC", + "url": 
"http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062672.html" + }, + { + "name": "ADV-2008-1746", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1746/references" + }, + { + "name": "20080605 Akamai Download Manager File Downloaded To Arbitrary Location Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493142/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1885.json b/2008/1xxx/CVE-2008-1885.json index 407dee6eb81..4655a8a2a87 100644 --- a/2008/1xxx/CVE-2008-1885.json +++ b/2008/1xxx/CVE-2008-1885.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080407 CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2008/Apr/0065.html" - }, - { - "name" : "5397", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5397" - }, - { - "name" : "28666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28666" - }, - { - "name" : "ADV-2008-1186", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1186" - }, - { - "name" : "29692", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/29692" - }, - { - "name" : "nefficientdload-neffylauncher-dir-traversal(41743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1186", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1186" + }, + { + "name": "29692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29692" + }, + { + "name": "20080407 CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2008/Apr/0065.html" + }, + { + "name": "28666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28666" + }, + { + "name": "5397", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5397" + }, + { + "name": "nefficientdload-neffylauncher-dir-traversal(41743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41743" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5318.json b/2008/5xxx/CVE-2008-5318.json index 3c9d3d38a78..4093db739ae 100644 --- a/2008/5xxx/CVE-2008-5318.json +++ b/2008/5xxx/CVE-2008-5318.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to \"size of user-provided input,\" a different issue than CVE-2008-3653." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://info.tikiwiki.org/tiki-read_article.php?articleId=41", - "refsource" : "CONFIRM", - "url" : "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" - }, - { - "name" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup", - "refsource" : "CONFIRM", - "url" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" - }, - { - "name" : "31857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31857" - }, - { - "name" : "50058", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/50058" - }, - { - "name" : "32341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32341" - }, - { - "name" : "ADV-2008-2889", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2889" - }, - { - "name" : "tikiwikicms-multiple-unspecified-variant2(46029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to \"size of user-provided input,\" a different issue than CVE-2008-3653." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50058", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/50058" + }, + { + "name": "31857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31857" + }, + { + "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41", + "refsource": "CONFIRM", + "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" + }, + { + "name": "ADV-2008-2889", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2889" + }, + { + "name": "32341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32341" + }, + { + "name": "tikiwikicms-multiple-unspecified-variant2(46029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46029" + }, + { + "name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup", + "refsource": "CONFIRM", + "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5459.json b/2008/5xxx/CVE-2008-5459.json index 7191aee0e4f..22e24405667 100644 --- a/2008/5xxx/CVE-2008-5459.json +++ b/2008/5xxx/CVE-2008-5459.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-5459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "1021571", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021571" - }, - { - "name" : "33526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33526" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "1021571", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021571" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5597.json b/2008/5xxx/CVE-2008-5597.json index f8a2b8cf79f..030ccae9c27 100644 --- a/2008/5xxx/CVE-2008-5597.json +++ b/2008/5xxx/CVE-2008-5597.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7353", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7353" - }, - { - "name" : "4756", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4756" - }, - { - "name" : "coldbbs-cforum-information-disclosure(47128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coldbbs-cforum-information-disclosure(47128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47128" + }, + { + "name": "4756", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4756" + }, + { + "name": "7353", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7353" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5602.json b/2008/5xxx/CVE-2008-5602.json index e806f4ac95a..0e1f6e0e515 100644 --- a/2008/5xxx/CVE-2008-5602.json +++ b/2008/5xxx/CVE-2008-5602.json 
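Review bot: The new side of CVE-2008-5597.json ends at `}` with no trailing newline (the `\ No newline at end of file` marker follows the final `+}`), whereas the old side ended with one; the same marker closes every other file section visible in this diff. Line-oriented tools and simple concatenation behave more predictably when the file ends with a newline, and a later regeneration that restores it will show the last line as modified again. I would have the serializer write a final `\n` after the closing brace. Apart from that, the hunk only changes the spacing around `:` and reorders the three `reference_data` entries.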
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7370", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7370" - }, - { - "name" : "4761", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4761" - }, - { - "name" : "natterchat-natterchat112-info-disclosure(47147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for 
natterchat112.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "natterchat-natterchat112-info-disclosure(47147)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47147" + }, + { + "name": "7370", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7370" + }, + { + "name": "4761", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4761" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0055.json b/2013/0xxx/CVE-2013-0055.json index 9547f13feef..0cb2d8b59cf 100644 --- a/2013/0xxx/CVE-2013-0055.json +++ b/2013/0xxx/CVE-2013-0055.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0055", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0055", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0308.json b/2013/0xxx/CVE-2013-0308.json index 548415ea7b7..6cf6b72f227 100644 --- a/2013/0xxx/CVE-2013-0308.json +++ b/2013/0xxx/CVE-2013-0308.json 
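Review bot: CVE-2013-0055.json is serialized in a different key order from every other record in this diff: the new side puts `"data_type"`, `"data_format"`, `"data_version"` first and writes `"ID"` before `"ASSIGNER"` inside `CVE_data_meta`, while the other files keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. JSON key order carries no meaning, but the mismatch suggests this record came from a different writer or code path, and that is worth confirming before merging. Emitting it in the same order as its siblings (`"CVE_data_meta": {` first, then `"ASSIGNER": "cve@mitre.org",` followed by `"ID": "CVE-2013-0055",`) keeps later diffs of this REJECT entry limited to real content changes.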
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ANNOUNCE] 20130220 Git v1.8.1.4", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=git&m=136134619013145&w=2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=804730", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=804730" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=909977", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=909977" - }, - { - "name" : 
"https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt", - "refsource" : "CONFIRM", - "url" : "https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt" - }, - { - "name" : "http://support.apple.com/kb/HT5937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5937" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "APPLE-SA-2013-09-18-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00007.html" - }, - { - "name" : "RHSA-2013:0589", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0589.html" - }, - { - "name" : "openSUSE-SU-2013:0380", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00007.html" - }, - { - "name" : "58148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58148" - }, - { - "name" : "1028205", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028205" - }, - { - "name" : "52361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52361" - }, - { - "name" : "52443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52443" - }, - { - "name" : "52467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52467" - }, - { - "name" : "git-gitimapsend-spoofing(82329)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The imap-send command in GIT before 
1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1028205", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028205" + }, + { + "name": "RHSA-2013:0589", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0589.html" + }, + { + "name": "https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt", + "refsource": "CONFIRM", + "url": "https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt" + }, + { + "name": "http://support.apple.com/kb/HT5937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5937" + }, + { + "name": "git-gitimapsend-spoofing(82329)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82329" + }, + { + "name": "APPLE-SA-2013-09-18-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00007.html" + }, + { + "name": "52361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52361" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586" + }, + { + "name": "[ANNOUNCE] 20130220 Git v1.8.1.4", + "refsource": "MLIST", + "url": "http://marc.info/?l=git&m=136134619013145&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "openSUSE-SU-2013:0380", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-updates/2013-03/msg00005.html" + }, + { + "name": "58148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58148" + }, + { + "name": "52443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52443" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=909977", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909977" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=804730", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=804730" + }, + { + "name": "openSUSE-SU-2013:0382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00007.html" + }, + { + "name": "52467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52467" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0387.json b/2013/0xxx/CVE-2013-0387.json index 167878d390a..08ab3b8f225 100644 --- a/2013/0xxx/CVE-2013-0387.json +++ b/2013/0xxx/CVE-2013-0387.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to PeopleCode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via 
unknown vectors related to PeopleCode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3045.json b/2013/3xxx/CVE-2013-3045.json index 5f69138c4ff..7e52d5d0352 100644 --- a/2013/3xxx/CVE-2013-3045.json +++ b/2013/3xxx/CVE-2013-3045.json 
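Review bot: In CVE-2013-0387.json the line `"ASSIGNER": "secalert_us@oracle.com",` replaces `cve@mitre.org`, and it is the only value change in a hunk that otherwise rewrites every line for spacing. The same kind of change appears in CVE-2008-5459 (also to secalert_us@oracle.com), CVE-2013-0308 (to secalert@redhat.com) and CVE-2013-3045 (to psirt@us.ibm.com). ASSIGNER identifies the assigning CNA, so consumers that attribute or filter records by it will see different results after this commit. I would land these attribution updates separately from the reformat, or at least name the affected IDs in the commit message, so they can be audited without reading through the whitespace churn.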
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21654355", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21654355" - }, - { - "name" : "sametime-ems-cve20133045-library(84816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21654355", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21654355" + }, + { + "name": "sametime-ems-cve20133045-library(84816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84816" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3072.json b/2013/3xxx/CVE-2013-3072.json index 8d934e2c879..849429a3a35 100644 --- a/2013/3xxx/CVE-2013-3072.json +++ b/2013/3xxx/CVE-2013-3072.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3072", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3072", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3352.json b/2013/3xxx/CVE-2013-3352.json index 43f47346fa7..e7ae448b871 100644 --- a/2013/3xxx/CVE-2013-3352.json +++ b/2013/3xxx/CVE-2013-3352.json 
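Review bot: The new side of the CVE-2013-3045 file ends with `}` followed by `\ No newline at end of file`, while the old side ended with a line feed. Every other file section in this part of the diff does the same (CVE-2013-0387, -3072, -3352, -3416, -3666, -3829, -4062, -4250, -4478 and -4503), so this looks like a serializer setting rather than a one-off. Writing a final `\n` after the closing `}` keeps the records valid text files for line-oriented tools and avoids a spurious last-line change in later diffs.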
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3354 and CVE-2013-3355." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-3352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-22.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-22.html" - }, - { - "name" : "oval:org.mitre.oval:def:18590", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause 
a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3354 and CVE-2013-3355." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-22.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-22.html" + }, + { + "name": "oval:org.mitre.oval:def:18590", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18590" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3416.json b/2013/3xxx/CVE-2013-3416.json index 4375ef41df7..110d42d5228 100644 --- a/2013/3xxx/CVE-2013-3416.json +++ b/2013/3xxx/CVE-2013-3416.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130709 Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416" - }, - { - "name" : "1028765", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028765" - }, - { - "name" : "1028766", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1028765", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028765" + }, + { + "name": "1028766", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028766" + }, + { + "name": "20130709 Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3666.json b/2013/3xxx/CVE-2013-3666.json index a419da95c3e..3f8f1e8ad8e 100644 --- a/2013/3xxx/CVE-2013-3666.json +++ b/2013/3xxx/CVE-2013-3666.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130525 CVE-2013-3666 - LG Optimus G command injection (as system user) vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/May/166" - }, - { - "name" : "http://www.youtube.com/watch?v=ZfbDIpTY-t4", - "refsource" : "MISC", - "url" : "http://www.youtube.com/watch?v=ZfbDIpTY-t4" - }, - { - "name" : "https://plus.google.com/110348415484169880343/posts/9KxBtkyuYcj", - "refsource" : "MISC", - "url" : "https://plus.google.com/110348415484169880343/posts/9KxBtkyuYcj" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130525 CVE-2013-3666 - LG Optimus G command injection (as system user) vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/May/166" + }, + { + "name": "https://plus.google.com/110348415484169880343/posts/9KxBtkyuYcj", + "refsource": "MISC", + "url": "https://plus.google.com/110348415484169880343/posts/9KxBtkyuYcj" + }, + { + "name": "http://www.youtube.com/watch?v=ZfbDIpTY-t4", + "refsource": "MISC", + "url": "http://www.youtube.com/watch?v=ZfbDIpTY-t4" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3829.json b/2013/3xxx/CVE-2013-3829.json index 8fa00654536..ba18d6d32fc 100644 --- a/2013/3xxx/CVE-2013-3829.json +++ b/2013/3xxx/CVE-2013-3829.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "http://support.apple.com/kb/HT5982", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5982" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" - }, - { - "name" : 
"http://www-01.ibm.com/support/docview.wss?uid=swg21655201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1019133", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1019133" - }, - { - "name" : "APPLE-SA-2013-10-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02943", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674031212883&w=2" - }, - { - "name" : "HPSBUX02944", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674073720143&w=2" - }, - { - "name" : "RHSA-2013:1440", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" - }, - { - "name" : "RHSA-2013:1447", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1447.html" - }, - { - "name" : "RHSA-2013:1451", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1451.html" - }, - { - "name" : "RHSA-2013:1505", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1505.html" - }, - { - "name" : "RHSA-2013:1507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html" - }, - { - "name" : "RHSA-2013:1508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1508.html" - }, - { - "name" : "RHSA-2013:1509", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1509.html" - }, - { - "name" : "RHSA-2013:1793", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1793.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : 
"SUSE-SU-2013:1666", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" - }, - { - "name" : "SUSE-SU-2013:1677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2013:1663", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" - }, - { - "name" : "USN-2033-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2033-1" - }, - { - "name" : "USN-2089-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2089-1" - }, - { - "name" : "63120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63120" - }, - { - "name" : "oval:org.mitre.oval:def:19002", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19002" - }, - { - "name" : "56338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "RHSA-2013:1447", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html" + }, + { + "name": "RHSA-2013:1440", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" + }, + { + "name": "USN-2033-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2033-1" + }, + { + "name": "USN-2089-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2089-1" + }, + { + "name": "RHSA-2013:1508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html" + }, + { + "name": "SUSE-SU-2013:1677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" + }, + { + "name": "HPSBUX02944", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2" + }, + { + "name": "RHSA-2013:1505", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" + }, + { + "name": "HPSBUX02943", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19002", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19002" + }, + { + "name": "openSUSE-SU-2013:1663", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" + 
}, + { + "name": "SUSE-SU-2013:1666", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" + }, + { + "name": "RHSA-2013:1793", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html" + }, + { + "name": "RHSA-2013:1509", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1509.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "APPLE-SA-2013-10-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" + }, + { + "name": "RHSA-2013:1507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html" + }, + { + "name": "63120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63120" + }, + { + "name": "http://support.apple.com/kb/HT5982", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5982" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1019133", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019133" + }, + { + "name": "56338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56338" + }, + { + "name": "RHSA-2013:1451", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4062.json b/2013/4xxx/CVE-2013-4062.json index 1bf5a8f0b57..fe917fa88b5 100644 --- a/2013/4xxx/CVE-2013-4062.json +++ b/2013/4xxx/CVE-2013-4062.json 
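Review bot: The entries of `reference_data` for CVE-2013-3829 come out in a different order than before, although as far as this hunk shows the same 26 references are present on both sides. The hunks for CVE-2013-3416, CVE-2013-3666 and CVE-2013-4478 shuffle their references too, which suggests the writer does not preserve or define an order. With every entry moved, a dropped or altered advisory URL would be very hard to spot in review. Emitting the array in a stable order, for instance keeping the existing order or sorting by `refsource` then `name`, would make future diffs show only real additions and removals.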
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-4062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21648481", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21648481" - }, - { - "name" : "policytester-cve20134062-jazz-ssl(86586)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, 
obtain sensitive information, and modify the client-server data stream via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21648481", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648481" + }, + { + "name": "policytester-cve20134062-jazz-ssl(86586)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86586" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4250.json b/2013/4xxx/CVE-2013-4250.json index ecb32a875a5..1c248f5114c 100644 --- a/2013/4xxx/CVE-2013-4250.json +++ b/2013/4xxx/CVE-2013-4250.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/", - "refsource" : "CONFIRM", - "url" : "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/", + "refsource": "CONFIRM", + "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4478.json b/2013/4xxx/CVE-2013-4478.json index 567a54569db..574b49bc1b7 100644 --- a/2013/4xxx/CVE-2013-4478.json +++ b/2013/4xxx/CVE-2013-4478.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131029 Re: CVE Request: sup MUA Command Injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/30/2" - }, - { - "name" : "[sup-talk] 20130818 Fwd: Security issue with suggested configuration of sup", - "refsource" : "MLIST", - "url" : "http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html" - }, - { - "name" : "[sup-talk] 20131029 Security advisory, releases 0.13.2.1 and 0.14.1.1", - "refsource" : "MLIST", - "url" : "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html" - }, - { - "name" : "https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785" - }, - { - "name" : "DSA-2805", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2805" - }, - { - "name" : "55294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55294" - }, - { - "name" : "55400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[sup-talk] 20130818 Fwd: Security issue with suggested configuration of sup", + "refsource": "MLIST", + "url": "http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html" + }, + { + "name": "55294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55294" + }, + { + "name": "55400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55400" + }, + { + "name": "[sup-talk] 20131029 Security advisory, releases 0.13.2.1 and 0.14.1.1", + "refsource": "MLIST", + "url": "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html" + }, + { + "name": "DSA-2805", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2805" + }, + { + "name": "https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785", + "refsource": "CONFIRM", + "url": "https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785" + }, + { + "name": "[oss-security] 20131029 Re: CVE Request: sup MUA Command Injection", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2013/10/30/2" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4503.json b/2013/4xxx/CVE-2013-4503.json index 1b2b1e833ec..505fde805be 100644 --- a/2013/4xxx/CVE-2013-4503.json +++ b/2013/4xxx/CVE-2013-4503.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the \"administer taxonomy\" permission to inject arbitrary web script or HTML via vectors related to options." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131103 Re: CVE request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/210" - }, - { - "name" : "https://drupal.org/node/2124279", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2124279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the \"administer taxonomy\" permission to inject arbitrary web script or HTML via vectors related to options." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/210" + }, + { + "name": "https://drupal.org/node/2124279", + "refsource": "MISC", + "url": "https://drupal.org/node/2124279" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4517.json b/2013/4xxx/CVE-2013-4517.json index 74174f14702..384d56e61e6 100644 --- a/2013/4xxx/CVE-2013-4517.json +++ b/2013/4xxx/CVE-2013-4517.json 
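Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, but the change sits inside a whole-file rewrite of colon spacing and indentation, so it is easy to miss when auditing. The same reassignment appears in the CVE-2013-4517 and CVE-2013-6376 hunks, while the CVE-2013-6804 hunk keeps `cve@mitre.org`. Since `ASSIGNER` records who owns the record, I would land the reformat and the reassignment as separate commits, or at least list the reassigned IDs in the commit message so that consumers which filter or rank records by assigner can account for it.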
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131218 Apache Santuario security advisory CVE-2013-4517 released", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Dec/169" - }, - { - "name" : "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html", - "refsource" : "CONFIRM", - "url" : "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html" - }, - { - "name" : "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc", - "refsource" : "CONFIRM", - "url" : "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-15", - "refsource" : "CONFIRM", - "url" : 
"https://www.tenable.com/security/tns-2018-15" - }, - { - "name" : "RHSA-2014:0170", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0170.html" - }, - { - "name" : "RHSA-2014:0171", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0171.html" - }, - { - "name" : "RHSA-2014:0172", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0172.html" - }, - { - "name" : "RHSA-2014:0195", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0195.html" - }, - { - "name" : "RHSA-2014:1725", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1725.html" - }, - { - "name" : "RHSA-2014:1726", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1726.html" - }, - { - "name" : "RHSA-2014:1727", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1727.html" - }, - { - "name" : "RHSA-2014:1728", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1728.html" - }, - { - "name" : "RHSA-2015:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html" - }, - { - "name" : "RHSA-2015:0850", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0850.html" - }, - { - "name" : "RHSA-2015:0851", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0851.html" - }, - { - "name" : "64437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64437" - }, - { - "name" : "101169", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101169" - }, - { - "name" : "1029524", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029524" - }, - { - "name" : "55639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55639" - }, - { - "name" : "santuario-xmlsecurity-cve20134517-dos(89891)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89891" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1728", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1728.html" + }, + { + "name": "RHSA-2014:1726", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1726.html" + }, + { + "name": "RHSA-2014:0170", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html" + }, + { + "name": "RHSA-2015:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" + }, + { + "name": "101169", + "refsource": "OSVDB", + "url": "http://osvdb.org/101169" + }, + { + "name": "RHSA-2015:0850", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html" + }, + { + "name": "RHSA-2014:0195", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html" + }, + { + "name": "https://www.tenable.com/security/tns-2018-15", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-15" + }, + { + "name": "santuario-xmlsecurity-cve20134517-dos(89891)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89891" + }, + { + "name": "RHSA-2014:1727", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1727.html" + }, + { + "name": "RHSA-2015:0851", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html" + }, + { + "name": "20131218 Apache Santuario security advisory 
CVE-2013-4517 released", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Dec/169" + }, + { + "name": "1029524", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029524" + }, + { + "name": "RHSA-2014:0172", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html" + }, + { + "name": "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc", + "refsource": "CONFIRM", + "url": "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc" + }, + { + "name": "RHSA-2014:0171", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html" + }, + { + "name": "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html", + "refsource": "CONFIRM", + "url": "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html" + }, + { + "name": "64437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64437" + }, + { + "name": "RHSA-2014:1725", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1725.html" + }, + { + "name": "55639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55639" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6376.json b/2013/6xxx/CVE-2013-6376.json index 3cc909f2835..e41e2cc987b 100644 --- a/2013/6xxx/CVE-2013-6376.json +++ b/2013/6xxx/CVE-2013-6376.json 
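Review bot: The `packetstormsecurity.com/files/124554/...` reference keeps `"refsource": "CONFIRM"` on the new side, the same tag given to the `santuario.apache.org` advisory. Assuming `CONFIRM` is meant for vendor-acknowledged sources, a third-party archive would be better tagged `"refsource": "MISC"`. Separately, all 20 entries of `reference_data` are retained but come out in a different, unsorted order, which makes it hard to confirm from the diff that none was dropped. Emitting the array in a stable order (for example sorted by `url`) would keep later diffs reviewable.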
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131212 Re: [vs-plain] kvm issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/12/12" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17d68b763f09a9ce824ae23eb62c9efc57b69271", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17d68b763f09a9ce824ae23eb62c9efc57b69271" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1033106", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1033106" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/17d68b763f09a9ce824ae23eb62c9efc57b69271", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/17d68b763f09a9ce824ae23eb62c9efc57b69271" - }, - { - "name" : "openSUSE-SU-2014:0205", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html" - }, - { - "name" : "openSUSE-SU-2014:0204", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" - }, - { - "name" : "USN-2113-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2113-1" - }, - { - "name" : "USN-2117-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2117-1" - }, - { - "name" : "USN-2136-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2136-1" - }, - { - "name" : "64319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2113-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2113-1" + }, + { + "name": "[oss-security] 20131212 Re: [vs-plain] kvm issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/12/12" + }, + { + "name": "USN-2136-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2136-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/17d68b763f09a9ce824ae23eb62c9efc57b69271", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/17d68b763f09a9ce824ae23eb62c9efc57b69271" + }, + { + "name": "USN-2117-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2117-1" + }, + { + "name": "64319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64319" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17d68b763f09a9ce824ae23eb62c9efc57b69271", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17d68b763f09a9ce824ae23eb62c9efc57b69271" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1033106", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033106" + }, + { + "name": "openSUSE-SU-2014:0204", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" + }, + { + "name": "openSUSE-SU-2014:0205", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6804.json b/2013/6xxx/CVE-2013-6804.json index 560ff99ee14..c95659cfdff 100644 --- a/2013/6xxx/CVE-2013-6804.json +++ b/2013/6xxx/CVE-2013-6804.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23184", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23184" - }, - { - "name" : "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search/expanded_changelog=1", - "refsource" : "CONFIRM", - "url" : "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search/expanded_changelog=1" - }, - { - "name" : "https://www.jamroom.net/the-jamroom-network/tracker/128/xss-vulnerability-in-search-module", - "refsource" : "CONFIRM", - "url" : "https://www.jamroom.net/the-jamroom-network/tracker/128/xss-vulnerability-in-search-module" - }, - { - "name" : "55886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55886" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search/expanded_changelog=1", + "refsource": "CONFIRM", + "url": "https://www.jamroom.net/the-jamroom-network/networkmarket/43/search/expanded_changelog=1" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23184", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23184" + }, + { + "name": "55886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55886" + }, + { + "name": "https://www.jamroom.net/the-jamroom-network/tracker/128/xss-vulnerability-in-search-module", + "refsource": "CONFIRM", + "url": "https://www.jamroom.net/the-jamroom-network/tracker/128/xss-vulnerability-in-search-module" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10141.json b/2017/10xxx/CVE-2017-10141.json index 5e728bc2957..c4d2301ed18 100644 --- a/2017/10xxx/CVE-2017-10141.json +++ b/2017/10xxx/CVE-2017-10141.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data. CVSS 3.0 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99785" - }, - { - "name" : "1038940", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data. CVSS 3.0 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99785" + }, + { + "name": "1038940", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038940" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10540.json b/2017/10xxx/CVE-2017-10540.json index ea7c69b48c2..3421a457564 100644 --- a/2017/10xxx/CVE-2017-10540.json +++ b/2017/10xxx/CVE-2017-10540.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10540", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10540", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10903.json b/2017/10xxx/CVE-2017-10903.json index 391d74c0a3d..b5798ca759e 100644 --- a/2017/10xxx/CVE-2017-10903.json +++ b/2017/10xxx/CVE-2017-10903.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PTW-WMS1", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 2.000.012" - } - ] - } - } - ] - }, - "vendor_name" : "Princeton Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper authentication" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PTW-WMS1", + "version": { + "version_data": [ + { + "version_value": "firmware version 2.000.012" + } + ] + } + } + ] + }, + "vendor_name": "Princeton Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#98295787", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN98295787/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#98295787", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN98295787/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12190.json b/2017/12xxx/CVE-2017-12190.json index f5f4eb00425..85fad1c0734 100644 --- a/2017/12xxx/CVE-2017-12190.json +++ b/2017/12xxx/CVE-2017-12190.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-12190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux kernel through v4.14-rc5", - "version" : { - "version_data" : [ - { - "version_value" : "Linux kernel through v4.14-rc5" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-12190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux kernel through v4.14-rc5", + "version": { + "version_data": [ + { + "version_value": "Linux kernel through v4.14-rc5" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467" - }, - { - "name" : "http://seclists.org/oss-sec/2017/q4/52", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/oss-sec/2017/q4/52" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1495089", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1495089" - }, - { - "name" : "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058" - }, - { - "name" : "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467" - }, - { - "name" : "RHSA-2018:0654", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0654" - }, - { - "name" : "RHSA-2018:0676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0676" - }, - { - "name" : "RHSA-2018:1062", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1062" - }, - { - "name" : "RHSA-2018:1854", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1854" - }, - { - "name" : "USN-3582-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3582-1/" - }, - { - "name" : "USN-3582-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3582-2/" - }, - { - "name" : "USN-3583-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3583-1/" - }, - { - "name" : "USN-3583-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3583-2/" - }, - { - "name" : "101911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058" + }, + { + "name": "101911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101911" + }, + { + "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" + }, + { + "name": "USN-3583-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3583-2/" + }, + { + "name": "RHSA-2018:1854", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1854" + }, + { + "name": "USN-3582-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3582-1/" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467" + }, + { + "name": "RHSA-2018:1062", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1062" + }, + { + "name": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467" + }, + { + "name": "RHSA-2018:0654", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2018:0654" + }, + { + "name": "USN-3583-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3583-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089" + }, + { + "name": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058" + }, + { + "name": "http://seclists.org/oss-sec/2017/q4/52", + "refsource": "CONFIRM", + "url": "http://seclists.org/oss-sec/2017/q4/52" + }, + { + "name": "RHSA-2018:0676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0676" + }, + { + "name": "USN-3582-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3582-2/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12285.json b/2017/12xxx/CVE-2017-12285.json index 9d95371a798..4cee1250094 100644 --- a/2017/12xxx/CVE-2017-12285.json +++ b/2017/12xxx/CVE-2017-12285.json 
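Review bot: In `affects`, `product_name` and `version_value` both hold the free-text string `Linux kernel through v4.14-rc5` and `vendor_name` is `n/a`, so tooling that matches on vendor, product and version is unlikely to resolve this record. I would split it into `"product_name": "Linux kernel"` and `"version_value": "through v4.14-rc5"`. The description gives the bound as "before 4.13.8", so the intended range should be confirmed with the assigner before changing it. Also, `http://seclists.org/oss-sec/2017/q4/52` is tagged `CONFIRM` here, whereas the oss-sec post in the CVE-2013-4503 hunk is tagged `MLIST`.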
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Network Analysis Module", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Network Analysis Module" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Network Analysis Module", + "version": { + "version_data": [ + { + "version_value": "Cisco Network Analysis Module" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam" - }, - { - "name" : "101527", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101527" - }, - { - "name" : "1039623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101527", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101527" + }, + { + "name": "1039623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039623" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12520.json b/2017/12xxx/CVE-2017-12520.json index 3003b393736..7c10a85a4f1 100644 --- a/2017/12xxx/CVE-2017-12520.json +++ b/2017/12xxx/CVE-2017-12520.json 
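Review bot: The rewritten CVE-2017-12285.json ends at `+}` followed by `\ No newline at end of file`, whereas the removed `-}` was newline-terminated; the same marker follows every other file in this diff. I would keep the final newline, so that line-oriented tools and later patches do not show a spurious change on the last line. The `reference_data` array is also reordered here (the BID and SECTRACK entries now precede the CONFIRM entry), although the three entries themselves look unchanged. If the serializer does not guarantee a stable array order, consumers that diff or hash these records will see churn with no change in content.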
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12549.json b/2017/12xxx/CVE-2017-12549.json index a8d3d3862dc..9864982d2fe 100644 --- a/2017/12xxx/CVE-2017-12549.json +++ b/2017/12xxx/CVE-2017-12549.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-09-26T00:00:00", - "ID" : "CVE-2017-12549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "System Management Homepage for Windows and Linux", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 7.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "local authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-09-26T00:00:00", + "ID": "CVE-2017-12549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "System Management Homepage for Windows and Linux", + "version": { + "version_data": [ + { + "version_value": "prior to 7.6.1" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "name" : "101029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101029" - }, - { - "name" : "1039437", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039437", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039437" + }, + { + "name": "101029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101029" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12645.json b/2017/12xxx/CVE-2017-12645.json index 8a73d3e4d5b..8c0236aadad 100644 --- a/2017/12xxx/CVE-2017-12645.json +++ b/2017/12xxx/CVE-2017-12645.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities", - "refsource" : "CONFIRM", - "url" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities" - }, - { - "name" : "https://issues.liferay.com/browse/LPS-72307", - "refsource" : "CONFIRM", - "url" : "https://issues.liferay.com/browse/LPS-72307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.liferay.com/browse/LPS-72307", + "refsource": "CONFIRM", + "url": "https://issues.liferay.com/browse/LPS-72307" + }, + { + "name": "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities", + "refsource": "CONFIRM", + "url": "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12910.json b/2017/12xxx/CVE-2017-12910.json index 66fe75dd9d2..3eabc48b842 100644 --- a/2017/12xxx/CVE-2017-12910.json +++ b/2017/12xxx/CVE-2017-12910.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lu4n.com/cve/10.txt", - "refsource" : "MISC", - "url" : "http://lu4n.com/cve/10.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lu4n.com/cve/10.txt", + "refsource": "MISC", + "url": "http://lu4n.com/cve/10.txt" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/12xxx/CVE-2017-12938.json b/2017/12xxx/CVE-2017-12938.json index 5e42b11407d..acef7ad26f3 100644 --- a/2017/12xxx/CVE-2017-12938.json +++ b/2017/12xxx/CVE-2017-12938.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/oss-sec/2017/q3/290", - "refsource" : "MISC", - "url" : "http://seclists.org/oss-sec/2017/q3/290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/oss-sec/2017/q3/290", + "refsource": "MISC", + "url": "http://seclists.org/oss-sec/2017/q3/290" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13075.json b/2017/13xxx/CVE-2017-13075.json index 9aff4c5bbfd..fc7eaf2a3f2 100644 --- a/2017/13xxx/CVE-2017-13075.json +++ b/2017/13xxx/CVE-2017-13075.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13075", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13075", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13382.json b/2017/13xxx/CVE-2017-13382.json index 3d0de7715bb..67caf593f9b 100644 --- a/2017/13xxx/CVE-2017-13382.json +++ b/2017/13xxx/CVE-2017-13382.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13382", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13382", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13391.json b/2017/13xxx/CVE-2017-13391.json index 2500f80edea..0ad417730eb 100644 --- a/2017/13xxx/CVE-2017-13391.json +++ b/2017/13xxx/CVE-2017-13391.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13391", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13391", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13399.json b/2017/13xxx/CVE-2017-13399.json index 0ce04ca8e27..662b608f4f3 100644 --- a/2017/13xxx/CVE-2017-13399.json +++ b/2017/13xxx/CVE-2017-13399.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13399", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13399", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13778.json b/2017/13xxx/CVE-2017-13778.json index aff777413fb..e88c31c415f 100644 --- a/2017/13xxx/CVE-2017-13778.json +++ b/2017/13xxx/CVE-2017-13778.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fiyo CMS 2.0.7 has XSS in dapur\\apps\\app_config\\sys_config.php via the site_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FiyoCMS/FiyoCMS/issues/8", - "refsource" : "MISC", - "url" : "https://github.com/FiyoCMS/FiyoCMS/issues/8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fiyo CMS 2.0.7 has XSS in dapur\\apps\\app_config\\sys_config.php via the site_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FiyoCMS/FiyoCMS/issues/8", + "refsource": "MISC", + "url": "https://github.com/FiyoCMS/FiyoCMS/issues/8" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/17xxx/CVE-2017-17059.json b/2017/17xxx/CVE-2017-17059.json index 39ca64fb09b..127e6ef0113 100644 --- a/2017/17xxx/CVE-2017-17059.json +++ b/2017/17xxx/CVE-2017-17059.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/NaturalIntelligence/wp-thumb-post/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/NaturalIntelligence/wp-thumb-post/issues/1" - }, - { - "name" : "https://packetstormsecurity.com/files/145044/WordPress-amtyThumb-8.1.3-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145044/WordPress-amtyThumb-8.1.3-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145044/WordPress-amtyThumb-8.1.3-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145044/WordPress-amtyThumb-8.1.3-Cross-Site-Scripting.html" + }, + { + "name": "https://github.com/NaturalIntelligence/wp-thumb-post/issues/1", + "refsource": "MISC", + "url": "https://github.com/NaturalIntelligence/wp-thumb-post/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17244.json b/2017/17xxx/CVE-2017-17244.json index 79b150d3238..b0cc7f07a35 100644 --- a/2017/17xxx/CVE-2017-17244.json +++ b/2017/17xxx/CVE-2017-17244.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17244", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17244", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17338.json b/2017/17xxx/CVE-2017-17338.json index c612fd857af..0440c81463c 100644 --- a/2017/17xxx/CVE-2017-17338.json 
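Review bot: Key order in the rewritten CVE-2017-17244.json differs from every other record in this diff: `data_type`, `data_format` and `data_version` now precede `CVE_data_meta`, and `ID` precedes `ASSIGNER`, while the neighbouring records keep keys alphabetical (`CVE_data_meta` first, `ASSIGNER` before `ID`). Parsers ignore key order, but the mixed ordering suggests this record went through a different writer, and it makes bulk diffs of the feed harder to audit. Emitting it with the same sorted-key serialization as the others would keep the records uniform; the values shown (`CVE-2017-17244`, `STATE` of `REJECT`) are otherwise unchanged.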
+++ b/2017/17xxx/CVE-2017-17338.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17338", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17338", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17732.json b/2017/17xxx/CVE-2017-17732.json index 5561ac6708d..df2dbd9828a 100644 --- a/2017/17xxx/CVE-2017-17732.json +++ b/2017/17xxx/CVE-2017-17732.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17732", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17732", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17759.json b/2017/17xxx/CVE-2017-17759.json index 1a817e52271..7ca68c08a61 100644 --- a/2017/17xxx/CVE-2017-17759.json +++ b/2017/17xxx/CVE-2017-17759.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17759",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17759",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "43377",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/43377/"
- },
- {
- "name" : "http://www.information-paradox.net/2017/12/conarc-ichannel-unauthenticated.html",
- "refsource" : "MISC",
- "url" : "http://www.information-paradox.net/2017/12/conarc-ichannel-unauthenticated.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.information-paradox.net/2017/12/conarc-ichannel-unauthenticated.html",
+ "refsource": "MISC",
+ "url": "http://www.information-paradox.net/2017/12/conarc-ichannel-unauthenticated.html"
+ },
+ {
+ "name": "43377",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/43377/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18070.json b/2018/18xxx/CVE-2018-18070.json
index 8f983c68223..d825843efc1 100644
--- a/2018/18xxx/CVE-2018-18070.json
+++ b/2018/18xxx/CVE-2018-18070.json
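Review bot: The rewritten CVE-2017-17759.json no longer ends with a newline: the hunk closes with `+}` followed by `\ No newline at end of file`, while the removed `-}` had one. The same marker follows every other rewritten file visible in this diff, so the serializer should emit a final newline to keep later edits from touching the last line. The hunk also swaps the two `reference_data` entries (the MISC entry now precedes the EXPLOIT-DB one) in what otherwise looks like a whitespace-only normalisation. Array order is significant in JSON, so if the reordering is intended it is worth stating in the commit message.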
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18070",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, which will cause a boot loop. (Under certain circumstances, it is possible to quickly overwrite the malicious route to regain the stability of the system.)"
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18070",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://vuldb.com/?id.125080",
- "refsource" : "MISC",
- "url" : "https://vuldb.com/?id.125080"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, which will cause a boot loop. (Under certain circumstances, it is possible to quickly overwrite the malicious route to regain the stability of the system.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://vuldb.com/?id.125080",
+ "refsource": "MISC",
+ "url": "https://vuldb.com/?id.125080"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18243.json b/2018/18xxx/CVE-2018-18243.json
index 35504107bfd..7d83b1c142f 100644
--- a/2018/18xxx/CVE-2018-18243.json
+++ b/2018/18xxx/CVE-2018-18243.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18243",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18243",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18360.json b/2018/18xxx/CVE-2018-18360.json
index 93f3c2e7181..b2b22399b93 100644
--- a/2018/18xxx/CVE-2018-18360.json
+++ b/2018/18xxx/CVE-2018-18360.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18360",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18360",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18506.json b/2018/18xxx/CVE-2018-18506.json
index 59d23789928..7a22aed6de9 100644
--- a/2018/18xxx/CVE-2018-18506.json
+++ b/2018/18xxx/CVE-2018-18506.json
@@ -1,73 +1,73 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@mozilla.org",
- "ID" : "CVE-2018-18506",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Firefox",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "65"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Mozilla"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Proxy Auto-Configuration file can define localhost access to be proxied"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@mozilla.org",
+ "ID": "CVE-2018-18506",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "65"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Mozilla"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2019-01/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2019-01/"
- },
- {
- "name" : "USN-3874-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3874-1/"
- },
- {
- "name" : "106773",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106773"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Proxy Auto-Configuration file can define localhost access to be proxied"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-01/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-01/"
+ },
+ {
+ "name": "106773",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106773"
+ },
+ {
+ "name": "USN-3874-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3874-1/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18600.json b/2018/18xxx/CVE-2018-18600.json
index 0eeec112fed..3e94c42eec7 100644
--- a/2018/18xxx/CVE-2018-18600.json
+++ b/2018/18xxx/CVE-2018-18600.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18600",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18600",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/",
- "refsource" : "MISC",
- "url" : "https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/",
+ "refsource": "MISC",
+ "url": "https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19228.json b/2018/19xxx/CVE-2018-19228.json
index 1c8aa32abb0..f20e1213c09 100644
--- a/2018/19xxx/CVE-2018-19228.json
+++ b/2018/19xxx/CVE-2018-19228.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19228",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19228",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#del-file",
- "refsource" : "MISC",
- "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#del-file"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#del-file",
+ "refsource": "MISC",
+ "url": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#del-file"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19268.json b/2018/19xxx/CVE-2018-19268.json
index 701d016cf05..16927857c9a 100644
--- a/2018/19xxx/CVE-2018-19268.json
+++ b/2018/19xxx/CVE-2018-19268.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19268",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-19268",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19749.json b/2018/19xxx/CVE-2018-19749.json
index ff82d8c78b9..2f0e5730cb4 100644
--- a/2018/19xxx/CVE-2018-19749.json
+++ b/2018/19xxx/CVE-2018-19749.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19749",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19749",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "45941",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/45941/"
- },
- {
- "name" : "https://github.com/domainmod/domainmod/issues/81",
- "refsource" : "MISC",
- "url" : "https://github.com/domainmod/domainmod/issues/81"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/domainmod/domainmod/issues/81",
+ "refsource": "MISC",
+ "url": "https://github.com/domainmod/domainmod/issues/81"
+ },
+ {
+ "name": "45941",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/45941/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19851.json b/2018/19xxx/CVE-2018-19851.json
index ae5dd5089da..c8308bae4b9 100644
--- a/2018/19xxx/CVE-2018-19851.json
+++ b/2018/19xxx/CVE-2018-19851.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19851",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19851",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19917.json b/2018/19xxx/CVE-2018-19917.json
index d780e317be2..45908988aad 100644
--- a/2018/19xxx/CVE-2018-19917.json
+++ b/2018/19xxx/CVE-2018-19917.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19917",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19917",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1204.json b/2018/1xxx/CVE-2018-1204.json
index ef8cd868078..46d47dbdfd6 100644
--- a/2018/1xxx/CVE-2018-1204.json
+++ b/2018/1xxx/CVE-2018-1204.json
@@ -1,78 +1,78 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security_alert@emc.com",
- "DATE_PUBLIC" : "2018-03-19T00:00:00",
- "ID" : "CVE-2018-1204",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Isilon OneFS",
- "version" : {
- "version_data" : [
- {
- "version_value" : "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Dell EMC"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Path Traversal vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "DATE_PUBLIC": "2018-03-19T00:00:00",
+ "ID": "CVE-2018-1204",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Isilon OneFS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell EMC"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "44039",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/44039/"
- },
- {
- "name" : "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2018/Mar/50"
- },
- {
- "name" : "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
- "refsource" : "MISC",
- "url" : "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
- },
- {
- "name" : "103033",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/103033"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path Traversal vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "103033",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/103033"
+ },
+ {
+ "name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2018/Mar/50"
+ },
+ {
+ "name": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
+ "refsource": "MISC",
+ "url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
+ },
+ {
+ "name": "44039",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/44039/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1457.json b/2018/1xxx/CVE-2018-1457.json
index 302c60610cb..269db1bfdba 100644
--- a/2018/1xxx/CVE-2018-1457.json
+++ b/2018/1xxx/CVE-2018-1457.json
@@ -1,204 +1,204 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-21T00:00:00", - "ID" : "CVE-2018-1457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational DOORS", - "version" : { - "version_data" : [ - { - "version_value" : "9.5.1" - }, - { - "version_value" : "9.5.1.1" - }, - { - "version_value" : "9.5.1.2" - }, - { - "version_value" : "9.5.2" - }, - { - "version_value" : "9.5.2.1" - }, - { - "version_value" : "9.6" - }, - { - "version_value" : "9.5.1.3" - }, - { - "version_value" : "9.5.1.4" - }, - { - "version_value" : "9.5.2.2" - }, - { - "version_value" : "9.5.2.3" - }, - { - "version_value" : "9.6.0.1" - }, - { - "version_value" : "9.6.0.2" - }, - { - "version_value" : "9.6.1" - }, - { - "version_value" : "9.6.1.1" - }, - { - "version_value" : "9.5.1.5" - }, - { - "version_value" : "9.5.2.4" - }, - { - "version_value" : "9.6.0.3" - }, - { - "version_value" : "9.6.1.2" - }, - { - "version_value" : "9.6.1.3" - }, - { - "version_value" : "9.6.1.4" - }, - { - "version_value" : "9.5.1.6" - }, - { - "version_value" : "9.5.2.5" - }, - { - "version_value" : "9.6.0.4" - }, - { - "version_value" : "9.5.1.7" - }, - { - "version_value" : "9.5.2.6" - }, - { - "version_value" : "9.6.0.5" - }, - { - "version_value" : "9.6.1.5" - }, - { - "version_value" : "9.6.1.6" - }, - { - "version_value" : "9.6.1.7" - }, - { - "version_value" : "9.5.1.8" - }, - { - "version_value" : "9.5.2.7" - }, - { - "version_value" : "9.6.0.6" - }, - { - "version_value" : "9.6.1.8" - }, - { - "version_value" : "9.6.1.9" - }, - { - "version_value" : "9.5.1.9" - }, - { - "version_value" : "9.5.2.8" - }, - { - "version_value" : "9.6.0.7" - }, - { - "version_value" : "9.6.1.10" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - 
{ - "lang" : "eng", - "value" : "An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "H", - "AV" : "N", - "C" : "H", - "I" : "H", - "PR" : "N", - "S" : "U", - "SCORE" : "8.100", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-21T00:00:00", + "ID": "CVE-2018-1457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational DOORS", + "version": { + "version_data": [ + { + "version_value": "9.5.1" + }, + { + "version_value": "9.5.1.1" + }, + { + "version_value": "9.5.1.2" + }, + { + "version_value": "9.5.2" + }, + { + "version_value": "9.5.2.1" + }, + { + "version_value": "9.6" + }, + { + "version_value": "9.5.1.3" + }, + { + "version_value": "9.5.1.4" + }, + { + "version_value": "9.5.2.2" + }, + { + "version_value": "9.5.2.3" + }, + { + "version_value": "9.6.0.1" + }, + { + "version_value": "9.6.0.2" + }, + { + "version_value": "9.6.1" + }, + { + "version_value": "9.6.1.1" + }, + { + "version_value": "9.5.1.5" + }, + { + "version_value": "9.5.2.4" + }, + { + "version_value": "9.6.0.3" + }, + { + "version_value": "9.6.1.2" + }, + { + "version_value": "9.6.1.3" + }, + { + "version_value": "9.6.1.4" + }, + { + "version_value": "9.5.1.6" + }, + { + "version_value": "9.5.2.5" + }, + { + "version_value": "9.6.0.4" + }, + { + "version_value": "9.5.1.7" + }, + { + "version_value": "9.5.2.6" + }, + { + "version_value": "9.6.0.5" + }, + { + "version_value": "9.6.1.5" + }, + { + "version_value": "9.6.1.6" + }, + { + "version_value": "9.6.1.7" + }, + { + 
"version_value": "9.5.1.8" + }, + { + "version_value": "9.5.2.7" + }, + { + "version_value": "9.6.0.6" + }, + { + "version_value": "9.6.1.8" + }, + { + "version_value": "9.6.1.9" + }, + { + "version_value": "9.5.1.9" + }, + { + "version_value": "9.5.2.8" + }, + { + "version_value": "9.6.0.7" + }, + { + "version_value": "9.6.1.10" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22017436", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22017436" - }, - { - "name" : "104573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104573" - }, - { - "name" : "ibm-doors-cve20181457-sec-bypass(140208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "H", + "AV": "N", + "C": "H", + "I": "H", + "PR": "N", + "S": "U", + "SCORE": "8.100", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-doors-cve20181457-sec-bypass(140208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140208" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22017436", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22017436" + }, + { + "name": "104573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104573" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1464.json b/2018/1xxx/CVE-2018-1464.json index 06dd9a78fd9..c46a15ee486 100644 --- a/2018/1xxx/CVE-2018-1464.json +++ b/2018/1xxx/CVE-2018-1464.json 
@@ -1,528 +1,528 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-05-14T00:00:00", - "ID" : "CVE-2018-1464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Storwize V5000", - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "Spectrum Virtualize Software", - "version" : { - "version_data" : [ - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "Storwize V3500", - "version" : { - "version_data" : [ - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - 
"version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "Storwize V7000 (2076)", - "version" : { - "version_data" : [ - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "1.1" - }, - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "Storwize V3700", - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "Spectrum Virtualize for Public Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { 
- "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "SAN Volume Controller", - "version" : { - "version_data" : [ - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - } - ] - } - }, - { - "product_name" : "FlashSystem V9000", - "version" : { - "version_data" : [ - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM SAN Volume Controller, IBM 
Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-05-14T00:00:00", + "ID": "CVE-2018-1464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Storwize V5000", + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "Spectrum Virtualize Software", + "version": { + "version_data": [ + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + 
"version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "Storwize V3500", + "version": { + "version_data": [ + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "Storwize V7000 (2076)", + "version": { + "version_data": [ + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "1.1" + }, + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "Storwize V3700", + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "7.2" + }, + { + 
"version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "Spectrum Virtualize for Public Cloud", + "version": { + "version_data": [ + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "SAN Volume Controller", + "version": { + "version_data": [ + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + } + ] + } + }, + { + "product_name": "FlashSystem V9000", + "version": { + "version_data": [ + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": 
"8.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283" - }, - { - "name" : "104349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104349" - }, - { - "name" : "ibm-storwize-cve20181464-info-disc(140395)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-storwize-cve20181464-info-disc(140395)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282" + }, + { + "name": "104349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104349" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1489.json b/2018/1xxx/CVE-2018-1489.json index fab4c4bc21b..cb7c7e17f4d 100644 --- a/2018/1xxx/CVE-2018-1489.json +++ b/2018/1xxx/CVE-2018-1489.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1489", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1489", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1701.json b/2018/1xxx/CVE-2018-1701.json index 1519cec4b37..14046ae803a 100644 --- a/2018/1xxx/CVE-2018-1701.json +++ b/2018/1xxx/CVE-2018-1701.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-16T00:00:00", - "ID" : "CVE-2018-1701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Information Server", - "version" : { - "version_data" : [ - { - "version_value" : "11.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "H", - "AV" : "N", - "C" : "H", - "I" : "H", - "PR" : "L", - "S" : "C", - "SCORE" : "8.500", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-16T00:00:00", + "ID": "CVE-2018-1701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10730555", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10730555" - }, - { - "name" : "ibm-infosphere-cve20181701-command-exec(145970)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/145970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "H", + "AV": "N", + "C": "H", + "I": "H", + "PR": "L", + "S": "C", + "SCORE": "8.500", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-infosphere-cve20181701-command-exec(145970)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145970" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10730555", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10730555" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5794.json b/2018/5xxx/CVE-2018-5794.json index 31f7058ae7a..1b8198b4139 100644 --- a/2018/5xxx/CVE-2018-5794.json +++ b/2018/5xxx/CVE-2018-5794.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003", - "refsource" : "CONFIRM", - "url" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003", + "refsource": "CONFIRM", + "url": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5929.json b/2018/5xxx/CVE-2018-5929.json index 8964f38beb9..50fae64ffb4 100644 --- a/2018/5xxx/CVE-2018-5929.json +++ b/2018/5xxx/CVE-2018-5929.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5929", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5929", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file