diff --git a/2008/0xxx/CVE-2008-0415.json b/2008/0xxx/CVE-2008-0415.json
index fb87a78b110..e3cb4ae369b 100644
--- a/2008/0xxx/CVE-2008-0415.json
+++ b/2008/0xxx/CVE-2008-0415.json
@@ -1,382 +1,382 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-0415",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka \"JavaScript privilege escalation bugs.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2008-0415",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20080209 rPSA-2008-0051-1 firefox",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/487826/100/0/threaded"
- },
- {
- "name" : "20080212 FLEA-2008-0001-1 firefox",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/488002/100/0/threaded"
- },
- {
- "name" : "20080229 rPSA-2008-0093-1 thunderbird",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/488971/100/0/threaded"
- },
- {
- "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-03.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-03.html"
- },
- {
- "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695,393761,393762,399298,407289,372075,363597",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695,393761,393762,399298,407289,372075,363597"
- },
- {
- "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051",
- "refsource" : "CONFIRM",
- "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051"
- },
- {
- "name" : "http://browser.netscape.com/releasenotes/",
- "refsource" : "CONFIRM",
- "url" : "http://browser.netscape.com/releasenotes/"
- },
- {
- "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0093",
- "refsource" : "CONFIRM",
- "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0093"
- },
- {
- "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093",
- "refsource" : "CONFIRM",
- "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093"
- },
- {
- "name" : "https://issues.rpath.com/browse/RPL-1995",
- "refsource" : "CONFIRM",
- "url" : "https://issues.rpath.com/browse/RPL-1995"
- },
- {
- "name" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html"
- },
- {
- "name" : "DSA-1484",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2008/dsa-1484"
- },
- {
- "name" : "DSA-1485",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2008/dsa-1485"
- },
- {
- "name" : "DSA-1489",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2008/dsa-1489"
- },
- {
- "name" : "DSA-1506",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2008/dsa-1506"
- },
- {
- "name" : "FEDORA-2008-1435",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html"
- },
- {
- "name" : "FEDORA-2008-1459",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html"
- },
- {
- "name" : "FEDORA-2008-1535",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html"
- },
- {
- "name" : "FEDORA-2008-2060",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html"
- },
- {
- "name" : "FEDORA-2008-2118",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html"
- },
- {
- "name" : "GLSA-200805-18",
- "refsource" : "GENTOO",
- "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
- },
- {
- "name" : "MDVSA-2008:048",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"
- },
- {
- "name" : "MDVSA-2008:062",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:062"
- },
- {
- "name" : "RHSA-2008:0103",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2008-0103.html"
- },
- {
- "name" : "RHSA-2008:0104",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2008-0104.html"
- },
- {
- "name" : "RHSA-2008:0105",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2008-0105.html"
- },
- {
- "name" : "SSA:2008-061-01",
- "refsource" : "SLACKWARE",
- "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399"
- },
- {
- "name" : "239546",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1"
- },
- {
- "name" : "238492",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
- },
- {
- "name" : "SUSE-SA:2008:008",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html"
- },
- {
- "name" : "USN-576-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-576-1"
- },
- {
- "name" : "USN-582-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-582-1"
- },
- {
- "name" : "USN-582-2",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-582-2"
- },
- {
- "name" : "27683",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/27683"
- },
- {
- "name" : "oval:org.mitre.oval:def:9897",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9897"
- },
- {
- "name" : "ADV-2008-0453",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/0453/references"
- },
- {
- "name" : "ADV-2008-0454",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/0454/references"
- },
- {
- "name" : "ADV-2008-0627",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/0627/references"
- },
- {
- "name" : "ADV-2008-2091",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/2091/references"
- },
- {
- "name" : "ADV-2008-1793",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/1793/references"
- },
- {
- "name" : "1019327",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1019327"
- },
- {
- "name" : "28818",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28818"
- },
- {
- "name" : "28754",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28754"
- },
- {
- "name" : "28758",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28758"
- },
- {
- "name" : "28766",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28766"
- },
- {
- "name" : "28808",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28808"
- },
- {
- "name" : "28815",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28815"
- },
- {
- "name" : "28839",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28839"
- },
- {
- "name" : "28864",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28864"
- },
- {
- "name" : "28865",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28865"
- },
- {
- "name" : "28877",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28877"
- },
- {
- "name" : "28879",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28879"
- },
- {
- "name" : "28924",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28924"
- },
- {
- "name" : "28939",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28939"
- },
- {
- "name" : "28958",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28958"
- },
- {
- "name" : "29049",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29049"
- },
- {
- "name" : "29086",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29086"
- },
- {
- "name" : "29167",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29167"
- },
- {
- "name" : "29098",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29098"
- },
- {
- "name" : "29164",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29164"
- },
- {
- "name" : "29211",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29211"
- },
- {
- "name" : "29567",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29567"
- },
- {
- "name" : "30327",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30327"
- },
- {
- "name" : "31043",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31043"
- },
- {
- "name" : "30620",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30620"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka \"JavaScript privilege escalation bugs.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2008:0104",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2008-0104.html"
+ },
+ {
+ "name": "USN-582-2",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-582-2"
+ },
+ {
+ "name": "USN-576-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-576-1"
+ },
+ {
+ "name": "http://browser.netscape.com/releasenotes/",
+ "refsource": "CONFIRM",
+ "url": "http://browser.netscape.com/releasenotes/"
+ },
+ {
+ "name": "28939",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28939"
+ },
+ {
+ "name": "DSA-1506",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2008/dsa-1506"
+ },
+ {
+ "name": "SSA:2008-061-01",
+ "refsource": "SLACKWARE",
+ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399"
+ },
+ {
+ "name": "https://issues.rpath.com/browse/RPL-1995",
+ "refsource": "CONFIRM",
+ "url": "https://issues.rpath.com/browse/RPL-1995"
+ },
+ {
+ "name": "FEDORA-2008-2118",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html"
+ },
+ {
+ "name": "FEDORA-2008-2060",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html"
+ },
+ {
+ "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093",
+ "refsource": "CONFIRM",
+ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093"
+ },
+ {
+ "name": "28766",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28766"
+ },
+ {
+ "name": "28818",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28818"
+ },
+ {
+ "name": "30620",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30620"
+ },
+ {
+ "name": "28865",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28865"
+ },
+ {
+ "name": "29049",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29049"
+ },
+ {
+ "name": "ADV-2008-0453",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/0453/references"
+ },
+ {
+ "name": "RHSA-2008:0103",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2008-0103.html"
+ },
+ {
+ "name": "28877",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28877"
+ },
+ {
+ "name": "28879",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28879"
+ },
+ {
+ "name": "USN-582-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-582-1"
+ },
+ {
+ "name": "29167",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29167"
+ },
+ {
+ "name": "29567",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29567"
+ },
+ {
+ "name": "RHSA-2008:0105",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2008-0105.html"
+ },
+ {
+ "name": "28958",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28958"
+ },
+ {
+ "name": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html"
+ },
+ {
+ "name": "30327",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30327"
+ },
+ {
+ "name": "238492",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
+ },
+ {
+ "name": "20080229 rPSA-2008-0093-1 thunderbird",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/488971/100/0/threaded"
+ },
+ {
+ "name": "DSA-1489",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2008/dsa-1489"
+ },
+ {
+ "name": "20080212 FLEA-2008-0001-1 firefox",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/488002/100/0/threaded"
+ },
+ {
+ "name": "20080209 rPSA-2008-0051-1 firefox",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/487826/100/0/threaded"
+ },
+ {
+ "name": "29086",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29086"
+ },
+ {
+ "name": "28815",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28815"
+ },
+ {
+ "name": "ADV-2008-0454",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/0454/references"
+ },
+ {
+ "name": "239546",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1"
+ },
+ {
+ "name": "28864",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28864"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695,393761,393762,399298,407289,372075,363597",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695,393761,393762,399298,407289,372075,363597"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:9897",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9897"
+ },
+ {
+ "name": "DSA-1485",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2008/dsa-1485"
+ },
+ {
+ "name": "28924",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28924"
+ },
+ {
+ "name": "27683",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/27683"
+ },
+ {
+ "name": "ADV-2008-1793",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/1793/references"
+ },
+ {
+ "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-03.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-03.html"
+ },
+ {
+ "name": "1019327",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1019327"
+ },
+ {
+ "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0093",
+ "refsource": "CONFIRM",
+ "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0093"
+ },
+ {
+ "name": "ADV-2008-2091",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/2091/references"
+ },
+ {
+ "name": "SUSE-SA:2008:008",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html"
+ },
+ {
+ "name": "FEDORA-2008-1459",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html"
+ },
+ {
+ "name": "29164",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29164"
+ },
+ {
+ "name": "29211",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29211"
+ },
+ {
+ "name": "FEDORA-2008-1535",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html"
+ },
+ {
+ "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0051",
+ "refsource": "CONFIRM",
+ "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0051"
+ },
+ {
+ "name": "MDVSA-2008:062",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:062"
+ },
+ {
+ "name": "DSA-1484",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2008/dsa-1484"
+ },
+ {
+ "name": "28808",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28808"
+ },
+ {
+ "name": "ADV-2008-0627",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/0627/references"
+ },
+ {
+ "name": "GLSA-200805-18",
+ "refsource": "GENTOO",
+ "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
+ },
+ {
+ "name": "28754",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28754"
+ },
+ {
+ "name": "28758",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28758"
+ },
+ {
+ "name": "FEDORA-2008-1435",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html"
+ },
+ {
+ "name": "MDVSA-2008:048",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"
+ },
+ {
+ "name": "31043",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31043"
+ },
+ {
+ "name": "29098",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29098"
+ },
+ {
+ "name": "28839",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28839"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/0xxx/CVE-2008-0440.json b/2008/0xxx/CVE-2008-0440.json
index 74e8ffbb79f..89b8d9c575a 100644
--- a/2008/0xxx/CVE-2008-0440.json
+++ b/2008/0xxx/CVE-2008-0440.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-0440",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-0440",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "4956",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/4956"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "4956",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/4956"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/0xxx/CVE-2008-0644.json b/2008/0xxx/CVE-2008-0644.json
index 4750bdb76b3..3da74465c2a 100644
--- a/2008/0xxx/CVE-2008-0644.json
+++ b/2008/0xxx/CVE-2008-0644.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-0644",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-0644",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.adobe.com/support/security/bulletins/apsb08-07.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.adobe.com/support/security/bulletins/apsb08-07.html"
- },
- {
- "name" : "28205",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/28205"
- },
- {
- "name" : "ADV-2008-0862",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/0862/references"
- },
- {
- "name" : "1019590",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1019590"
- },
- {
- "name" : "29332",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29332"
- },
- {
- "name" : "coldfusion-setencoding-xss(41145)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41145"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "29332",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29332"
+ },
+ {
+ "name": "http://www.adobe.com/support/security/bulletins/apsb08-07.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.adobe.com/support/security/bulletins/apsb08-07.html"
+ },
+ {
+ "name": "ADV-2008-0862",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/0862/references"
+ },
+ {
+ "name": "1019590",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1019590"
+ },
+ {
+ "name": "coldfusion-setencoding-xss(41145)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41145"
+ },
+ {
+ "name": "28205",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/28205"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/0xxx/CVE-2008-0676.json b/2008/0xxx/CVE-2008-0676.json
index 41b55b049c1..8292ff5ae4f 100644
--- a/2008/0xxx/CVE-2008-0676.json
+++ b/2008/0xxx/CVE-2008-0676.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-0676",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-0676",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "5050",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/5050"
- },
- {
- "name" : "27594",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/27594"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "5050",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/5050"
+ },
+ {
+ "name": "27594",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/27594"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/0xxx/CVE-2008-0919.json b/2008/0xxx/CVE-2008-0919.json
index dff388b0b5f..52c6620bae0 100644
--- a/2008/0xxx/CVE-2008-0919.json
+++ b/2008/0xxx/CVE-2008-0919.json
@@ -1,97 +1,97 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-0919",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-0919",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20080221 SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/488450/100/0/threaded"
- },
- {
- "name" : "20080222 Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/488617/100/0/threaded"
- },
- {
- "name" : "20080225 Re: Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/488697/100/0/threaded"
- },
- {
- "name" : "5171",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/5171"
- },
- {
- "name" : "27929",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/27929"
- },
- {
- "name" : "42006",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/42006"
- },
- {
- "name" : "29046",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29046"
- },
- {
- "name" : "3689",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/3689"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "3689",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/3689"
+ },
+ {
+ "name": "20080222 Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/488617/100/0/threaded"
+ },
+ {
+ "name": "20080225 Re: Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/488697/100/0/threaded"
+ },
+ {
+ "name": "27929",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/27929"
+ },
+ {
+ "name": "5171",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/5171"
+ },
+ {
+ "name": "42006",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/42006"
+ },
+ {
+ "name": "20080221 SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/488450/100/0/threaded"
+ },
+ {
+ "name": "29046",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29046"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/1xxx/CVE-2008-1216.json b/2008/1xxx/CVE-2008-1216.json
index 7d63ea7fbc1..413cff006a6 100644
--- a/2008/1xxx/CVE-2008-1216.json
+++ b/2008/1xxx/CVE-2008-1216.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-1216",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-1216",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20080222 IBM Quickr 8 Calendar Xss Injection (Bypass Quickr 8.0 Xss Filter)",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/488620/100/100/threaded"
- },
- {
- "name" : "27925",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/27925"
- },
- {
- "name" : "ADV-2008-0667",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/0667"
- },
- {
- "name" : "29072",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29072"
- },
- {
- "name" : "3721",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/3721"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "3721",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/3721"
+ },
+ {
+ "name": "27925",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/27925"
+ },
+ {
+ "name": "29072",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29072"
+ },
+ {
+ "name": "20080222 IBM Quickr 8 Calendar Xss Injection (Bypass Quickr 8.0 Xss Filter)",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/488620/100/100/threaded"
+ },
+ {
+ "name": "ADV-2008-0667",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/0667"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/1xxx/CVE-2008-1576.json b/2008/1xxx/CVE-2008-1576.json
index a4793c050b3..9e21f3e8dee 100644
--- a/2008/1xxx/CVE-2008-1576.json
+++ b/2008/1xxx/CVE-2008-1576.json
@@ -1,97 +1,97 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-1576",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-1576",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "APPLE-SA-2008-05-28",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
- },
- {
- "name" : "TA08-150A",
- "refsource" : "CERT",
- "url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
- },
- {
- "name" : "29412",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/29412"
- },
- {
- "name" : "29500",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/29500"
- },
- {
- "name" : "ADV-2008-1697",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/1697"
- },
- {
- "name" : "1020140",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1020140"
- },
- {
- "name" : "30430",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30430"
- },
- {
- "name" : "macosx-mail-code-execution(42723)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42723"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "macosx-mail-code-execution(42723)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42723"
+ },
+ {
+ "name": "29500",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/29500"
+ },
+ {
+ "name": "TA08-150A",
+ "refsource": "CERT",
+ "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
+ },
+ {
+ "name": "30430",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30430"
+ },
+ {
+ "name": "APPLE-SA-2008-05-28",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
+ },
+ {
+ "name": "1020140",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1020140"
+ },
+ {
+ "name": "ADV-2008-1697",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/1697"
+ },
+ {
+ "name": "29412",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/29412"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/1xxx/CVE-2008-1717.json b/2008/1xxx/CVE-2008-1717.json
index d87b872d637..b3b1096be60 100644
--- a/2008/1xxx/CVE-2008-1717.json
+++ b/2008/1xxx/CVE-2008-1717.json
@@ -1,92 +1,92 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-1717",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-1717",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/490560/100/0/threaded"
- },
- {
- "name" : "20080412 Re: WoltLab(R) Community Framework WCF 1.0.6",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/490782/100/0/threaded"
- },
- {
- "name" : "20080408 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
- "refsource" : "FULLDISC",
- "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html"
- },
- {
- "name" : "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
- "refsource" : "FULLDISC",
- "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html"
- },
- {
- "name" : "28678",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/28678"
- },
- {
- "name" : "29719",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29719"
- },
- {
- "name" : "wbb-wcf-exception-info-disclosure(41713)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41713"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "29719",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29719"
+ },
+ {
+ "name": "20080412 Re: WoltLab(R) Community Framework WCF 1.0.6",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/490782/100/0/threaded"
+ },
+ {
+ "name": "28678",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/28678"
+ },
+ {
+ "name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
+ "refsource": "FULLDISC",
+ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html"
+ },
+ {
+ "name": "wbb-wcf-exception-info-disclosure(41713)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41713"
+ },
+ {
+ "name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/490560/100/0/threaded"
+ },
+ {
+ "name": "20080408 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
+ "refsource": "FULLDISC",
+ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/1xxx/CVE-2008-1801.json b/2008/1xxx/CVE-2008-1801.json
index 71a37fff24e..0b00aa3ad7b 100644
--- a/2008/1xxx/CVE-2008-1801.json
+++ b/2008/1xxx/CVE-2008-1801.json
@@ -1,202 +1,202 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-1801",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-1801",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20080507 Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability",
- "refsource" : "IDEFENSE",
- "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=696"
- },
- {
- "name" : "5561",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/5561"
- },
- {
- "name" : "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?r1=1.19&r2=1.20&pathrev=HEAD",
- "refsource" : "CONFIRM",
- "url" : "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?r1=1.19&r2=1.20&pathrev=HEAD"
- },
- {
- "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm"
- },
- {
- "name" : "DSA-1573",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2008/dsa-1573"
- },
- {
- "name" : "FEDORA-2008-3886",
- "refsource" : "FEDORA",
- "url" : "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00244.html"
- },
- {
- "name" : "FEDORA-2008-3917",
- "refsource" : "FEDORA",
- "url" : "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00270.html"
- },
- {
- "name" : "FEDORA-2008-3985",
- "refsource" : "FEDORA",
- "url" : "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00296.html"
- },
- {
- "name" : "GLSA-200806-04",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-200806-04.xml"
- },
- {
- "name" : "MDVSA-2008:101",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:101"
- },
- {
- "name" : "RHSA-2008:0575",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2008-0575.html"
- },
- {
- "name" : "RHSA-2008:0576",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2008-0576.html"
- },
- {
- "name" : "RHSA-2008:0725",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2008-0725.html"
- },
- {
- "name" : "SSA:2008-148-01",
- "refsource" : "SLACKWARE",
- "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.395286"
- },
- {
- "name" : "240708",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240708-1"
- },
- {
- "name" : "USN-646-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-646-1"
- },
- {
- "name" : "29097",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/29097"
- },
- {
- "name" : "oval:org.mitre.oval:def:11570",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11570"
- },
- {
- "name" : "ADV-2008-1467",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/1467/references"
- },
- {
- "name" : "ADV-2008-2403",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/2403"
- },
- {
- "name" : "1019990",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1019990"
- },
- {
- "name" : "30118",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30118"
- },
- {
- "name" : "30248",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30248"
- },
- {
- "name" : "30380",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30380"
- },
- {
- "name" : "30713",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30713"
- },
- {
- "name" : "31222",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31222"
- },
- {
- "name" : "31224",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31224"
- },
- {
- "name" : "31928",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31928"
- },
- {
- "name" : "rdesktop-isorecvmsg-code-execution(42272)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42272"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "31224",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31224"
+ },
+ {
+ "name": "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?r1=1.19&r2=1.20&pathrev=HEAD",
+ "refsource": "CONFIRM",
+ "url": "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?r1=1.19&r2=1.20&pathrev=HEAD"
+ },
+ {
+ "name": "5561",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/5561"
+ },
+ {
+ "name": "30118",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30118"
+ },
+ {
+ "name": "USN-646-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-646-1"
+ },
+ {
+ "name": "GLSA-200806-04",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-200806-04.xml"
+ },
+ {
+ "name": "FEDORA-2008-3917",
+ "refsource": "FEDORA",
+ "url": "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00270.html"
+ },
+ {
+ "name": "30713",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30713"
+ },
+ {
+ "name": "rdesktop-isorecvmsg-code-execution(42272)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42272"
+ },
+ {
+ "name": "1019990",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1019990"
+ },
+ {
+ "name": "SSA:2008-148-01",
+ "refsource": "SLACKWARE",
+ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.395286"
+ },
+ {
+ "name": "DSA-1573",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2008/dsa-1573"
+ },
+ {
+ "name": "FEDORA-2008-3886",
+ "refsource": "FEDORA",
+ "url": "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00244.html"
+ },
+ {
+ "name": "RHSA-2008:0725",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2008-0725.html"
+ },
+ {
+ "name": "ADV-2008-2403",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/2403"
+ },
+ {
+ "name": "FEDORA-2008-3985",
+ "refsource": "FEDORA",
+ "url": "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00296.html"
+ },
+ {
+ "name": "29097",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/29097"
+ },
+ {
+ "name": "240708",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240708-1"
+ },
+ {
+ "name": "30380",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30380"
+ },
+ {
+ "name": "ADV-2008-1467",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/1467/references"
+ },
+ {
+ "name": "MDVSA-2008:101",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:101"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:11570",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11570"
+ },
+ {
+ "name": "RHSA-2008:0576",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2008-0576.html"
+ },
+ {
+ "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm"
+ },
+ {
+ "name": "20080507 Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability",
+ "refsource": "IDEFENSE",
+ "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=696"
+ },
+ {
+ "name": "RHSA-2008:0575",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2008-0575.html"
+ },
+ {
+ "name": "30248",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30248"
+ },
+ {
+ "name": "31928",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31928"
+ },
+ {
+ "name": "31222",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31222"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/3xxx/CVE-2008-3316.json b/2008/3xxx/CVE-2008-3316.json
index e702a18c560..2df4f2441ac 100644
--- a/2008/3xxx/CVE-2008-3316.json
+++ b/2008/3xxx/CVE-2008-3316.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-3316",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3) functions.inc."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-3316",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.geeklog.net/article.php/20080719093147449",
- "refsource" : "CONFIRM",
- "url" : "http://www.geeklog.net/article.php/20080719093147449"
- },
- {
- "name" : "JVN#60419863",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN60419863/index.html"
- },
- {
- "name" : "JVNDB-2008-000045",
- "refsource" : "JVNDB",
- "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000045.html"
- },
- {
- "name" : "30355",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/30355"
- },
- {
- "name" : "31188",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31188"
- },
- {
- "name" : "forum-search-xss(43971)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43971"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3) functions.inc."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "31188",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31188"
+ },
+ {
+ "name": "JVN#60419863",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN60419863/index.html"
+ },
+ {
+ "name": "http://www.geeklog.net/article.php/20080719093147449",
+ "refsource": "CONFIRM",
+ "url": "http://www.geeklog.net/article.php/20080719093147449"
+ },
+ {
+ "name": "30355",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/30355"
+ },
+ {
+ "name": "forum-search-xss(43971)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43971"
+ },
+ {
+ "name": "JVNDB-2008-000045",
+ "refsource": "JVNDB",
+ "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000045.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/4xxx/CVE-2008-4152.json b/2008/4xxx/CVE-2008-4152.json
index 35a186dc7f1..5c79e8908b8 100644
--- a/2008/4xxx/CVE-2008-4152.json
+++ b/2008/4xxx/CVE-2008-4152.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4152",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-4152",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://drupal.org/node/309758",
- "refsource" : "CONFIRM",
- "url" : "http://drupal.org/node/309758"
- },
- {
- "name" : "31236",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/31236"
- },
- {
- "name" : "ADV-2008-2615",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/2615"
- },
- {
- "name" : "31908",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31908"
- },
- {
- "name" : "talk-nodetitle-xss(45222)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45222"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "talk-nodetitle-xss(45222)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45222"
+ },
+ {
+ "name": "31908",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31908"
+ },
+ {
+ "name": "ADV-2008-2615",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/2615"
+ },
+ {
+ "name": "http://drupal.org/node/309758",
+ "refsource": "CONFIRM",
+ "url": "http://drupal.org/node/309758"
+ },
+ {
+ "name": "31236",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/31236"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/4xxx/CVE-2008-4166.json b/2008/4xxx/CVE-2008-4166.json
index 554ec7c9527..3da67822137 100644
--- a/2008/4xxx/CVE-2008-4166.json
+++ b/2008/4xxx/CVE-2008-4166.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4166",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-4166",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20080912 Avant Browser <= 11.7 Build 9 Integer Denial Of Service Exploit",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/496301/100/0/threaded"
- },
- {
- "name" : "31155",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/31155"
- },
- {
- "name" : "4284",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/4284"
- },
- {
- "name" : "avantbrowser-javascript-dos(45121)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45121"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "4284",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/4284"
+ },
+ {
+ "name": "avantbrowser-javascript-dos(45121)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45121"
+ },
+ {
+ "name": "31155",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/31155"
+ },
+ {
+ "name": "20080912 Avant Browser <= 11.7 Build 9 Integer Denial Of Service Exploit",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/496301/100/0/threaded"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/4xxx/CVE-2008-4681.json b/2008/4xxx/CVE-2008-4681.json
index bd1f38f70a1..9a4c4ad3b11 100644
--- a/2008/4xxx/CVE-2008-4681.json
+++ b/2008/4xxx/CVE-2008-4681.json
@@ -1,127 +1,127 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4681",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-4681",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20081211 rPSA-2008-0336-1 tshark wireshark",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/499154/100/0/threaded"
- },
- {
- "name" : "http://www.wireshark.org/security/wnpa-sec-2008-06.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.wireshark.org/security/wnpa-sec-2008-06.html"
- },
- {
- "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0336",
- "refsource" : "CONFIRM",
- "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0336"
- },
- {
- "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm"
- },
- {
- "name" : "MDVSA-2008:215",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:215"
- },
- {
- "name" : "RHSA-2009:0313",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2009-0313.html"
- },
- {
- "name" : "31838",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/31838"
- },
- {
- "name" : "oval:org.mitre.oval:def:11194",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11194"
- },
- {
- "name" : "oval:org.mitre.oval:def:14853",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14853"
- },
- {
- "name" : "34144",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34144"
- },
- {
- "name" : "ADV-2008-2872",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/2872"
- },
- {
- "name" : "1021069",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1021069"
- },
- {
- "name" : "32355",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/32355"
- },
- {
- "name" : "wireshark-bluetoothrfcomm-dos(46014)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46014"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20081211 rPSA-2008-0336-1 tshark wireshark",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/499154/100/0/threaded"
+ },
+ {
+ "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm"
+ },
+ {
+ "name": "32355",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/32355"
+ },
+ {
+ "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0336",
+ "refsource": "CONFIRM",
+ "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0336"
+ },
+ {
+ "name": "http://www.wireshark.org/security/wnpa-sec-2008-06.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.wireshark.org/security/wnpa-sec-2008-06.html"
+ },
+ {
+ "name": "34144",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34144"
+ },
+ {
+ "name": "31838",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/31838"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:14853",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14853"
+ },
+ {
+ "name": "RHSA-2009:0313",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2009-0313.html"
+ },
+ {
+ "name": "ADV-2008-2872",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/2872"
+ },
+ {
+ "name": "wireshark-bluetoothrfcomm-dos(46014)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46014"
+ },
+ {
+ "name": "MDVSA-2008:215",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:215"
+ },
+ {
+ "name": "1021069",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1021069"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:11194",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11194"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/2xxx/CVE-2013-2240.json b/2013/2xxx/CVE-2013-2240.json
index cef98a1bfc9..389c1b13200 100644
--- a/2013/2xxx/CVE-2013-2240.json
+++ b/2013/2xxx/CVE-2013-2240.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-2240",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2013-2240",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20130704 Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2013/07/04/11"
- },
- {
- "name" : "http://galleryproject.org/gallery_3_0_9",
- "refsource" : "MISC",
- "url" : "http://galleryproject.org/gallery_3_0_9"
- },
- {
- "name" : "http://sourceforge.net/apps/trac/gallery/ticket/2073",
- "refsource" : "CONFIRM",
- "url" : "http://sourceforge.net/apps/trac/gallery/ticket/2073"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=981197",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=981197"
- },
- {
- "name" : "https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20130704 Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2013/07/04/11"
+ },
+ {
+ "name": "http://galleryproject.org/gallery_3_0_9",
+ "refsource": "MISC",
+ "url": "http://galleryproject.org/gallery_3_0_9"
+ },
+ {
+ "name": "http://sourceforge.net/apps/trac/gallery/ticket/2073",
+ "refsource": "CONFIRM",
+ "url": "http://sourceforge.net/apps/trac/gallery/ticket/2073"
+ },
+ {
+ "name": "https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=981197",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981197"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/2xxx/CVE-2013-2395.json b/2013/2xxx/CVE-2013-2395.json
index ca7af49e6e0..f6a507a1dc0 100644
--- a/2013/2xxx/CVE-2013-2395.json
+++ b/2013/2xxx/CVE-2013-2395.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-2395",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2013-2395",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
- },
- {
- "name" : "GLSA-201308-06",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml"
- },
- {
- "name" : "MDVSA-2013:150",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
- },
- {
- "name" : "53372",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/53372"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "53372",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/53372"
+ },
+ {
+ "name": "GLSA-201308-06",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
+ },
+ {
+ "name": "MDVSA-2013:150",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/2xxx/CVE-2013-2565.json b/2013/2xxx/CVE-2013-2565.json
index 6bd428c3474..9b2994d189b 100644
--- a/2013/2xxx/CVE-2013-2565.json
+++ b/2013/2xxx/CVE-2013-2565.json
@@ -1,71 +1,71 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "larry0@me.com",
- "DATE_ASSIGNED" : "2012-01-02",
- "ID" : "CVE-2013-2565",
- "REQUESTER" : "cve-assign@mitre.org",
- "STATE" : "PUBLIC",
- "UPDATED" : "2019-02-11T10:41Z"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Mambo CMS",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<=",
- "version_value" : "4.6.5"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Mambo"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Mambo CMS vulnerabilities"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "larry0@me.com",
+ "DATE_ASSIGNED": "2012-01-02",
+ "ID": "CVE-2013-2565",
+ "REQUESTER": "cve-assign@mitre.org",
+ "STATE": "PUBLIC",
+ "UPDATED": "2019-02-11T10:41Z"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mambo CMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "4.6.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Mambo"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://sourceforge.net/projects/mambo/",
- "refsource" : "MISC",
- "url" : "http://sourceforge.net/projects/mambo/"
- },
- {
- "name" : "http://www.vapidlabs.com/advisory.php?v=75",
- "refsource" : "MISC",
- "url" : "http://www.vapidlabs.com/advisory.php?v=75"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Mambo CMS vulnerabilities"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://sourceforge.net/projects/mambo/",
+ "refsource": "MISC",
+ "url": "http://sourceforge.net/projects/mambo/"
+ },
+ {
+ "name": "http://www.vapidlabs.com/advisory.php?v=75",
+ "refsource": "MISC",
+ "url": "http://www.vapidlabs.com/advisory.php?v=75"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/2xxx/CVE-2013-2913.json b/2013/2xxx/CVE-2013-2913.json
index 71f966a07ac..18e8180f3f0 100644
--- a/2013/2xxx/CVE-2013-2913.json
+++ b/2013/2xxx/CVE-2013-2913.json
@@ -1,97 +1,97 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-2913",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an XML document."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@google.com",
+ "ID": "CVE-2013-2913",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
- "refsource" : "CONFIRM",
- "url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
- },
- {
- "name" : "https://code.google.com/p/chromium/issues/detail?id=278908",
- "refsource" : "CONFIRM",
- "url" : "https://code.google.com/p/chromium/issues/detail?id=278908"
- },
- {
- "name" : "https://src.chromium.org/viewvc/blink?revision=157914&view=revision",
- "refsource" : "CONFIRM",
- "url" : "https://src.chromium.org/viewvc/blink?revision=157914&view=revision"
- },
- {
- "name" : "DSA-2785",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2013/dsa-2785"
- },
- {
- "name" : "openSUSE-SU-2013:1556",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
- },
- {
- "name" : "openSUSE-SU-2013:1861",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
- },
- {
- "name" : "openSUSE-SU-2014:0065",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
- },
- {
- "name" : "oval:org.mitre.oval:def:18843",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18843"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an XML document."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
+ "refsource": "CONFIRM",
+ "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
+ },
+ {
+ "name": "https://src.chromium.org/viewvc/blink?revision=157914&view=revision",
+ "refsource": "CONFIRM",
+ "url": "https://src.chromium.org/viewvc/blink?revision=157914&view=revision"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=278908",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=278908"
+ },
+ {
+ "name": "openSUSE-SU-2014:0065",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
+ },
+ {
+ "name": "DSA-2785",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2013/dsa-2785"
+ },
+ {
+ "name": "openSUSE-SU-2013:1556",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:18843",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18843"
+ },
+ {
+ "name": "openSUSE-SU-2013:1861",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3114.json b/2013/3xxx/CVE-2013-3114.json
index 9b5c33786b6..73723a379d9 100644
--- a/2013/3xxx/CVE-2013-3114.json
+++ b/2013/3xxx/CVE-2013-3114.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3114",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3119."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2013-3114",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS13-047",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047"
- },
- {
- "name" : "TA13-168A",
- "refsource" : "CERT",
- "url" : "http://www.us-cert.gov/ncas/alerts/TA13-168A"
- },
- {
- "name" : "oval:org.mitre.oval:def:16763",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16763"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3119."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "TA13-168A",
+ "refsource": "CERT",
+ "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A"
+ },
+ {
+ "name": "MS13-047",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:16763",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16763"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3534.json b/2013/3xxx/CVE-2013-3534.json
index 06247fb4cd6..9afbd0b12bd 100644
--- a/2013/3xxx/CVE-2013-3534.json
+++ b/2013/3xxx/CVE-2013-3534.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3534",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-3534",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.algisinfo.com/en/home-bottom/41-xss-in-aicontactsafe.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.algisinfo.com/en/home-bottom/41-xss-in-aicontactsafe.html"
- },
- {
- "name" : "59266",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/59266"
- },
- {
- "name" : "53050",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/53050"
- },
- {
- "name" : "joomla-aicontactsafe-unspecified-xss(83631)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83631"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "53050",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/53050"
+ },
+ {
+ "name": "59266",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/59266"
+ },
+ {
+ "name": "http://www.algisinfo.com/en/home-bottom/41-xss-in-aicontactsafe.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.algisinfo.com/en/home-bottom/41-xss-in-aicontactsafe.html"
+ },
+ {
+ "name": "joomla-aicontactsafe-unspecified-xss(83631)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83631"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3755.json b/2013/3xxx/CVE-2013-3755.json
index 1fbe9d6d3e1..ce5e891575c 100644
--- a/2013/3xxx/CVE-2013-3755.json
+++ b/2013/3xxx/CVE-2013-3755.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3755",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 allows remote attackers to affect integrity via vectors related to SSO Engine."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2013-3755",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
- },
- {
- "name" : "61212",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/61212"
- },
- {
- "name" : "95272",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/95272"
- },
- {
- "name" : "1028801",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1028801"
- },
- {
- "name" : "54236",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/54236"
- },
- {
- "name" : "oracle-cpujuly2013-cve20133755(85659)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85659"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 allows remote attackers to affect integrity via vectors related to SSO Engine."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "61212",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/61212"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
+ },
+ {
+ "name": "oracle-cpujuly2013-cve20133755(85659)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85659"
+ },
+ {
+ "name": "54236",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/54236"
+ },
+ {
+ "name": "1028801",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1028801"
+ },
+ {
+ "name": "95272",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/95272"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3854.json b/2013/3xxx/CVE-2013-3854.json
index 145b59b9c5b..4ebd3b9a4e0 100644
--- a/2013/3xxx/CVE-2013-3854.json
+++ b/2013/3xxx/CVE-2013-3854.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3854",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3853."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2013-3854",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS13-072",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
- },
- {
- "name" : "TA13-253A",
- "refsource" : "CERT",
- "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A"
- },
- {
- "name" : "oval:org.mitre.oval:def:19009",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19009"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3853."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "MS13-072",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:19009",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19009"
+ },
+ {
+ "name": "TA13-253A",
+ "refsource": "CERT",
+ "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3891.json b/2013/3xxx/CVE-2013-3891.json
index 68542a62b67..a343d9cccf7 100644
--- a/2013/3xxx/CVE-2013-3891.json
+++ b/2013/3xxx/CVE-2013-3891.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3891",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Memory Corruption Vulnerability.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2013-3891",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS13-086",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086"
- },
- {
- "name" : "TA13-288A",
- "refsource" : "CERT",
- "url" : "http://www.us-cert.gov/ncas/alerts/TA13-288A"
- },
- {
- "name" : "oval:org.mitre.oval:def:18643",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18643"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Memory Corruption Vulnerability.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oval:org.mitre.oval:def:18643",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18643"
+ },
+ {
+ "name": "MS13-086",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086"
+ },
+ {
+ "name": "TA13-288A",
+ "refsource": "CERT",
+ "url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3926.json b/2013/3xxx/CVE-2013-3926.json
index e3b134de06f..71fac25558d 100644
--- a/2013/3xxx/CVE-2013-3926.json
+++ b/2013/3xxx/CVE-2013-3926.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3926",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a \"symmetric backdoor.\" NOTE: as of 20130704, the vendor could not reproduce the issue, stating \"We've been unable to substantiate the existence of [CVE-2013-3926]. The author of the article has not contacted Atlassian and has provided no detail, making it difficult to validate the claim... If we can confirm that there is a vulnerability, a patch will be issued.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-3926",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://it.slashdot.org/story/13/07/01/0011217/backdoor-discovered-in-atlassian-crowd",
- "refsource" : "MISC",
- "url" : "http://it.slashdot.org/story/13/07/01/0011217/backdoor-discovered-in-atlassian-crowd"
- },
- {
- "name" : "http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf",
- "refsource" : "MISC",
- "url" : "http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a \"symmetric backdoor.\" NOTE: as of 20130704, the vendor could not reproduce the issue, stating \"We've been unable to substantiate the existence of [CVE-2013-3926]. The author of the article has not contacted Atlassian and has provided no detail, making it difficult to validate the claim... If we can confirm that there is a vulnerability, a patch will be issued.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf",
+ "refsource": "MISC",
+ "url": "http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf"
+ },
+ {
+ "name": "http://it.slashdot.org/story/13/07/01/0011217/backdoor-discovered-in-atlassian-crowd",
+ "refsource": "MISC",
+ "url": "http://it.slashdot.org/story/13/07/01/0011217/backdoor-discovered-in-atlassian-crowd"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/4xxx/CVE-2013-4387.json b/2013/4xxx/CVE-2013-4387.json
index 045b3f623ac..7adbc9695c2 100644
--- a/2013/4xxx/CVE-2013-4387.json
+++ b/2013/4xxx/CVE-2013-4387.json
@@ -1,142 +1,142 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-4387",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2013-4387",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20130928 Re: linux kernel memory corruption with ipv6 udp offloading",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2013/09/29/1"
- },
- {
- "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2811ebac2521ceac84f2bdae402455baa6a7fb47",
- "refsource" : "CONFIRM",
- "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2811ebac2521ceac84f2bdae402455baa6a7fb47"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1011927",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1011927"
- },
- {
- "name" : "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47"
- },
- {
- "name" : "RHSA-2013:1490",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
- },
- {
- "name" : "RHSA-2013:1645",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
- },
- {
- "name" : "RHSA-2014:0284",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2014-0284.html"
- },
- {
- "name" : "USN-2041-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2041-1"
- },
- {
- "name" : "USN-2045-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2045-1"
- },
- {
- "name" : "USN-2049-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2049-1"
- },
- {
- "name" : "USN-2019-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2019-1"
- },
- {
- "name" : "USN-2021-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2021-1"
- },
- {
- "name" : "USN-2022-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2022-1"
- },
- {
- "name" : "USN-2024-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2024-1"
- },
- {
- "name" : "USN-2038-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2038-1"
- },
- {
- "name" : "USN-2039-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2039-1"
- },
- {
- "name" : "USN-2050-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2050-1"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-2024-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2024-1"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1011927",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011927"
+ },
+ {
+ "name": "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47"
+ },
+ {
+ "name": "RHSA-2013:1490",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
+ },
+ {
+ "name": "USN-2039-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2039-1"
+ },
+ {
+ "name": "USN-2022-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2022-1"
+ },
+ {
+ "name": "RHSA-2013:1645",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
+ },
+ {
+ "name": "USN-2038-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2038-1"
+ },
+ {
+ "name": "USN-2021-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2021-1"
+ },
+ {
+ "name": "USN-2019-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2019-1"
+ },
+ {
+ "name": "USN-2049-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2049-1"
+ },
+ {
+ "name": "RHSA-2014:0284",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0284.html"
+ },
+ {
+ "name": "USN-2045-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2045-1"
+ },
+ {
+ "name": "USN-2050-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2050-1"
+ },
+ {
+ "name": "USN-2041-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2041-1"
+ },
+ {
+ "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2811ebac2521ceac84f2bdae402455baa6a7fb47",
+ "refsource": "CONFIRM",
+ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2811ebac2521ceac84f2bdae402455baa6a7fb47"
+ },
+ {
+ "name": "[oss-security] 20130928 Re: linux kernel memory corruption with ipv6 udp offloading",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2013/09/29/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/4xxx/CVE-2013-4426.json b/2013/4xxx/CVE-2013-4426.json
index 6e7cfba3a8e..c8c7105e5a4 100644
--- a/2013/4xxx/CVE-2013-4426.json
+++ b/2013/4xxx/CVE-2013-4426.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-4426",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2013-4426",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20131015 Re: Re: CVE request: pyxtrlock",
- "refsource" : "MLIST",
- "url" : "http://seclists.org/oss-sec/2013/q4/109"
- },
- {
- "name" : "https://github.com/leonnnn/pyxtrlock/blob/master/CHANGELOG",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/leonnnn/pyxtrlock/blob/master/CHANGELOG"
- },
- {
- "name" : "https://github.com/leonnnn/pyxtrlock/issues/8",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/leonnnn/pyxtrlock/issues/8"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20131015 Re: Re: CVE request: pyxtrlock",
+ "refsource": "MLIST",
+ "url": "http://seclists.org/oss-sec/2013/q4/109"
+ },
+ {
+ "name": "https://github.com/leonnnn/pyxtrlock/blob/master/CHANGELOG",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/leonnnn/pyxtrlock/blob/master/CHANGELOG"
+ },
+ {
+ "name": "https://github.com/leonnnn/pyxtrlock/issues/8",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/leonnnn/pyxtrlock/issues/8"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/4xxx/CVE-2013-4483.json b/2013/4xxx/CVE-2013-4483.json
index fc5b053e177..89ad72b8d15 100644
--- a/2013/4xxx/CVE-2013-4483.json
+++ b/2013/4xxx/CVE-2013-4483.json
@@ -1,97 +1,97 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-4483",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2013-4483",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20131030 Re: CVE Request -- Linux kernel: ipc: ipc_rcu_putref refcount races",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2013/10/30/4"
- },
- {
- "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6062a8dc0517bce23e3c2f7d2fea5e22411269a3",
- "refsource" : "CONFIRM",
- "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6062a8dc0517bce23e3c2f7d2fea5e22411269a3"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1024854",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1024854"
- },
- {
- "name" : "https://github.com/torvalds/linux/commit/6062a8dc0517bce23e3c2f7d2fea5e22411269a3",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/torvalds/linux/commit/6062a8dc0517bce23e3c2f7d2fea5e22411269a3"
- },
- {
- "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2",
- "refsource" : "CONFIRM",
- "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2"
- },
- {
- "name" : "RHSA-2014:0285",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2014-0285.html"
- },
- {
- "name" : "RHSA-2015:0284",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2015-0284.html"
- },
- {
- "name" : "openSUSE-SU-2014:0247",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "openSUSE-SU-2014:0247",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html"
+ },
+ {
+ "name": "RHSA-2014:0285",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0285.html"
+ },
+ {
+ "name": "[oss-security] 20131030 Re: CVE Request -- Linux kernel: ipc: ipc_rcu_putref refcount races",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2013/10/30/4"
+ },
+ {
+ "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2",
+ "refsource": "CONFIRM",
+ "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2"
+ },
+ {
+ "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6062a8dc0517bce23e3c2f7d2fea5e22411269a3",
+ "refsource": "CONFIRM",
+ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6062a8dc0517bce23e3c2f7d2fea5e22411269a3"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1024854",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1024854"
+ },
+ {
+ "name": "RHSA-2015:0284",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-0284.html"
+ },
+ {
+ "name": "https://github.com/torvalds/linux/commit/6062a8dc0517bce23e3c2f7d2fea5e22411269a3",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/torvalds/linux/commit/6062a8dc0517bce23e3c2f7d2fea5e22411269a3"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6267.json b/2013/6xxx/CVE-2013-6267.json
index a5a36c8245f..d99154e7dec 100644
--- a/2013/6xxx/CVE-2013-6267.json
+++ b/2013/6xxx/CVE-2013-6267.json
@@ -1,92 +1,92 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6267",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-6267",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20131127 Multiple Cross-Site Scripting (XSS) in Claroline",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
- },
- {
- "name" : "http://packetstormsecurity.com/files/124200",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/124200"
- },
- {
- "name" : "https://www.htbridge.com/advisory/HTB23179",
- "refsource" : "MISC",
- "url" : "https://www.htbridge.com/advisory/HTB23179"
- },
- {
- "name" : "http://forum.claroline.net/viewtopic.php?f=88&t=26413",
- "refsource" : "CONFIRM",
- "url" : "http://forum.claroline.net/viewtopic.php?f=88&t=26413"
- },
- {
- "name" : "1029435",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1029435"
- },
- {
- "name" : "55753",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/55753"
- },
- {
- "name" : "claroline-cve20136267-xss(89264)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.htbridge.com/advisory/HTB23179",
+ "refsource": "MISC",
+ "url": "https://www.htbridge.com/advisory/HTB23179"
+ },
+ {
+ "name": "http://packetstormsecurity.com/files/124200",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/124200"
+ },
+ {
+ "name": "55753",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/55753"
+ },
+ {
+ "name": "claroline-cve20136267-xss(89264)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
+ },
+ {
+ "name": "1029435",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1029435"
+ },
+ {
+ "name": "http://forum.claroline.net/viewtopic.php?f=88&t=26413",
+ "refsource": "CONFIRM",
+ "url": "http://forum.claroline.net/viewtopic.php?f=88&t=26413"
+ },
+ {
+ "name": "20131127 Multiple Cross-Site Scripting (XSS) in Claroline",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6333.json b/2013/6xxx/CVE-2013-6333.json
index 85c1364c2eb..504bb2dae4d 100644
--- a/2013/6xxx/CVE-2013-6333.json
+++ b/2013/6xxx/CVE-2013-6333.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6333",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6320."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2013-6333",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666110",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666110"
- },
- {
- "name" : "ibm-algo-one-cve20136333-xss(89024)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89024"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6320."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ibm-algo-one-cve20136333-xss(89024)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89024"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21666110",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666110"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6665.json b/2013/6xxx/CVE-2013-6665.json
index ff760b6ffd4..129574ddcaf 100644
--- a/2013/6xxx/CVE-2013-6665.json
+++ b/2013/6xxx/CVE-2013-6665.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6665",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper memory allocation in the software renderer."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-6665",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html",
- "refsource" : "CONFIRM",
- "url" : "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html"
- },
- {
- "name" : "https://code.google.com/p/chromium/issues/detail?id=337882",
- "refsource" : "CONFIRM",
- "url" : "https://code.google.com/p/chromium/issues/detail?id=337882"
- },
- {
- "name" : "https://src.chromium.org/viewvc/chrome?revision=250870&view=revision",
- "refsource" : "CONFIRM",
- "url" : "https://src.chromium.org/viewvc/chrome?revision=250870&view=revision"
- },
- {
- "name" : "DSA-2883",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2014/dsa-2883"
- },
- {
- "name" : "65930",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/65930"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper memory allocation in the software renderer."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "65930",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/65930"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=337882",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=337882"
+ },
+ {
+ "name": "DSA-2883",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2014/dsa-2883"
+ },
+ {
+ "name": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html",
+ "refsource": "CONFIRM",
+ "url": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html"
+ },
+ {
+ "name": "https://src.chromium.org/viewvc/chrome?revision=250870&view=revision",
+ "refsource": "CONFIRM",
+ "url": "https://src.chromium.org/viewvc/chrome?revision=250870&view=revision"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6751.json b/2013/6xxx/CVE-2013-6751.json
index 99bdda96789..3d044563b23 100644
--- a/2013/6xxx/CVE-2013-6751.json
+++ b/2013/6xxx/CVE-2013-6751.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6751",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-6751",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/7xxx/CVE-2013-7326.json b/2013/7xxx/CVE-2013-7326.json
index a9d2cc0ade4..711de45ae28 100644
--- a/2013/7xxx/CVE-2013-7326.json
+++ b/2013/7xxx/CVE-2013-7326.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-7326",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\\com_vtiger_workflow\\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-7326",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20131211 [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-12/0052.html"
- },
- {
- "name" : "http://packetstormsecurity.com/files/124402",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/124402"
- },
- {
- "name" : "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-05",
- "refsource" : "MISC",
- "url" : "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-05"
- },
- {
- "name" : "64236",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/64236"
- },
- {
- "name" : "100897",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/100897"
- },
- {
- "name" : "vtiger-multiple-xss(89662)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89662"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\\com_vtiger_workflow\\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "vtiger-multiple-xss(89662)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89662"
+ },
+ {
+ "name": "http://packetstormsecurity.com/files/124402",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/124402"
+ },
+ {
+ "name": "100897",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/100897"
+ },
+ {
+ "name": "20131211 [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0052.html"
+ },
+ {
+ "name": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-05",
+ "refsource": "MISC",
+ "url": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-05"
+ },
+ {
+ "name": "64236",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/64236"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/7xxx/CVE-2013-7418.json b/2013/7xxx/CVE-2013-7418.json
index a269eb24c8e..16d80929565 100644
--- a/2013/7xxx/CVE-2013-7418.json
+++ b/2013/7xxx/CVE-2013-7418.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-7418",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-7418",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
- },
- {
- "name" : "http://sourceforge.net/p/ipcop/bugs/807/",
- "refsource" : "MISC",
- "url" : "http://sourceforge.net/p/ipcop/bugs/807/"
- },
- {
- "name" : "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/",
- "refsource" : "MISC",
- "url" : "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/",
+ "refsource": "MISC",
+ "url": "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/"
+ },
+ {
+ "name": "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
+ },
+ {
+ "name": "http://sourceforge.net/p/ipcop/bugs/807/",
+ "refsource": "MISC",
+ "url": "http://sourceforge.net/p/ipcop/bugs/807/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10166.json b/2017/10xxx/CVE-2017-10166.json
index ef406849bba..f7eaf2afa1c 100644
--- a/2017/10xxx/CVE-2017-10166.json
+++ b/2017/10xxx/CVE-2017-10166.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2017-10166",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Security Service",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "FMW: 11.1.1.9.0"
- },
- {
- "version_affected" : "=",
- "version_value" : "12.1.3.0.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2017-10166",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Security Service",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "FMW: 11.1.1.9.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "12.1.3.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
- },
- {
- "name" : "101412",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/101412"
- },
- {
- "name" : "1039602",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039602"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1039602",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039602"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
+ },
+ {
+ "name": "101412",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/101412"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10524.json b/2017/10xxx/CVE-2017-10524.json
index 3d741f06a16..933c6cbd19b 100644
--- a/2017/10xxx/CVE-2017-10524.json
+++ b/2017/10xxx/CVE-2017-10524.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10524",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10524",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10731.json b/2017/10xxx/CVE-2017-10731.json
index 03816dff562..dd7a92183b1 100644
--- a/2017/10xxx/CVE-2017-10731.json
+++ b/2017/10xxx/CVE-2017-10731.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10731",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d80.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10731",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10731",
- "refsource" : "MISC",
- "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10731"
- },
- {
- "name" : "http://www.irfanview.com/plugins.htm",
- "refsource" : "CONFIRM",
- "url" : "http://www.irfanview.com/plugins.htm"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d80.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10731",
+ "refsource": "MISC",
+ "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10731"
+ },
+ {
+ "name": "http://www.irfanview.com/plugins.htm",
+ "refsource": "CONFIRM",
+ "url": "http://www.irfanview.com/plugins.htm"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10864.json b/2017/10xxx/CVE-2017-10864.json
index 78ae8791d76..2c11f414e25 100644
--- a/2017/10xxx/CVE-2017-10864.json
+++ b/2017/10xxx/CVE-2017-10864.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2017-10864",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Installer of HIBUN Confidential File Viewer",
- "version" : {
- "version_data" : [
- {
- "version_value" : "prior to 11.20.0001"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Hitachi Solutions, Ltd."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Untrusted search path vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2017-10864",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Installer of HIBUN Confidential File Viewer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to 11.20.0001"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Hitachi Solutions, Ltd."
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.hitachi-solutions.co.jp/hibun/sp/support/importance/20170929.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.hitachi-solutions.co.jp/hibun/sp/support/importance/20170929.html"
- },
- {
- "name" : "JVN#94056834",
- "refsource" : "JVN",
- "url" : "https://jvn.jp/en/jp/JVN94056834/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Untrusted search path vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.hitachi-solutions.co.jp/hibun/sp/support/importance/20170929.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.hitachi-solutions.co.jp/hibun/sp/support/importance/20170929.html"
+ },
+ {
+ "name": "JVN#94056834",
+ "refsource": "JVN",
+ "url": "https://jvn.jp/en/jp/JVN94056834/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/13xxx/CVE-2017-13001.json b/2017/13xxx/CVE-2017-13001.json
index 3ec01dd44f7..e468a2b0713 100644
--- a/2017/13xxx/CVE-2017-13001.json
+++ b/2017/13xxx/CVE-2017-13001.json
@@ -1,92 +1,92 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-13001",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh()."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-13001",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.tcpdump.org/tcpdump-changes.txt",
- "refsource" : "CONFIRM",
- "url" : "http://www.tcpdump.org/tcpdump-changes.txt"
- },
- {
- "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/7a923447fd49a069a0fd3b6c3547438ab5ee2123",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/7a923447fd49a069a0fd3b6c3547438ab5ee2123"
- },
- {
- "name" : "https://support.apple.com/HT208221",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208221"
- },
- {
- "name" : "DSA-3971",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2017/dsa-3971"
- },
- {
- "name" : "GLSA-201709-23",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201709-23"
- },
- {
- "name" : "RHEA-2018:0705",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHEA-2018:0705"
- },
- {
- "name" : "1039307",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039307"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh()."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "GLSA-201709-23",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201709-23"
+ },
+ {
+ "name": "https://support.apple.com/HT208221",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208221"
+ },
+ {
+ "name": "DSA-3971",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2017/dsa-3971"
+ },
+ {
+ "name": "1039307",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039307"
+ },
+ {
+ "name": "https://github.com/the-tcpdump-group/tcpdump/commit/7a923447fd49a069a0fd3b6c3547438ab5ee2123",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/the-tcpdump-group/tcpdump/commit/7a923447fd49a069a0fd3b6c3547438ab5ee2123"
+ },
+ {
+ "name": "http://www.tcpdump.org/tcpdump-changes.txt",
+ "refsource": "CONFIRM",
+ "url": "http://www.tcpdump.org/tcpdump-changes.txt"
+ },
+ {
+ "name": "RHEA-2018:0705",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHEA-2018:0705"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/13xxx/CVE-2017-13285.json b/2017/13xxx/CVE-2017-13285.json
index 6b47823b17d..10eb52000fe 100644
--- a/2017/13xxx/CVE-2017-13285.json
+++ b/2017/13xxx/CVE-2017-13285.json
@@ -1,81 +1,81 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "security@google.com",
- "DATE_PUBLIC" : "2018-04-02T00:00:00",
- "ID" : "CVE-2017-13285",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "6.0"
- },
- {
- "version_value" : "6.0.1"
- },
- {
- "version_value" : "7.0"
- },
- {
- "version_value" : "7.1.1"
- },
- {
- "version_value" : "7.1.2"
- },
- {
- "version_value" : "8.0"
- },
- {
- "version_value" : "8.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Google Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote code execution"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@android.com",
+ "DATE_PUBLIC": "2018-04-02T00:00:00",
+ "ID": "CVE-2017-13285",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.0"
+ },
+ {
+ "version_value": "6.0.1"
+ },
+ {
+ "version_value": "7.0"
+ },
+ {
+ "version_value": "7.1.1"
+ },
+ {
+ "version_value": "7.1.2"
+ },
+ {
+ "version_value": "8.0"
+ },
+ {
+ "version_value": "8.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Google Inc."
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/2018-04-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/2018-04-01"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://source.android.com/security/bulletin/2018-04-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/2018-04-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/13xxx/CVE-2017-13858.json b/2017/13xxx/CVE-2017-13858.json
index 769ee460396..a50d84cad42 100644
--- a/2017/13xxx/CVE-2017-13858.json
+++ b/2017/13xxx/CVE-2017-13858.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2017-13858",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"IOKit\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2017-13858",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT208331",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208331"
- },
- {
- "name" : "102099",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102099"
- },
- {
- "name" : "1039966",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039966"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"IOKit\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.apple.com/HT208331",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208331"
+ },
+ {
+ "name": "1039966",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039966"
+ },
+ {
+ "name": "102099",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102099"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17036.json b/2017/17xxx/CVE-2017-17036.json
index 29306e7e669..4f3bdf697e3 100644
--- a/2017/17xxx/CVE-2017-17036.json
+++ b/2017/17xxx/CVE-2017-17036.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17036",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17036",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17323.json b/2017/17xxx/CVE-2017-17323.json
index 4394e2dcfcf..851ad9c341f 100644
--- a/2017/17xxx/CVE-2017-17323.json
+++ b/2017/17xxx/CVE-2017-17323.json
@@ -1,68 +1,68 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@huawei.com",
- "ID" : "CVE-2017-17323",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "iBMC",
- "version" : {
- "version_data" : [
- {
- "version_value" : "V200R002C10"
- },
- {
- "version_value" : "V200R002C20"
- },
- {
- "version_value" : "V200R002C30"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Huawei Technologies Co., Ltd."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "improper authorization"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
+ "ID": "CVE-2017-17323",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iBMC",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V200R002C10"
+ },
+ {
+ "version_value": "V200R002C20"
+ },
+ {
+ "version_value": "V200R002C30"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei Technologies Co., Ltd."
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en",
- "refsource" : "CONFIRM",
- "url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "improper authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en",
+ "refsource": "CONFIRM",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17713.json b/2017/17xxx/CVE-2017-17713.json
index d82cfdc9264..4422a1eaff9 100644
--- a/2017/17xxx/CVE-2017-17713.json
+++ b/2017/17xxx/CVE-2017-17713.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17713",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17713",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3",
- "refsource" : "MISC",
- "url" : "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3"
- },
- {
- "name" : "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/",
- "refsource" : "MISC",
- "url" : "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/"
- },
- {
- "name" : "https://www.youtube.com/watch?v=RWw1UTeZee8",
- "refsource" : "MISC",
- "url" : "https://www.youtube.com/watch?v=RWw1UTeZee8"
- },
- {
- "name" : "https://www.youtube.com/watch?v=Txp6IwR24jY",
- "refsource" : "MISC",
- "url" : "https://www.youtube.com/watch?v=Txp6IwR24jY"
- },
- {
- "name" : "https://www.youtube.com/watch?v=efmvL235S-8",
- "refsource" : "MISC",
- "url" : "https://www.youtube.com/watch?v=efmvL235S-8"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.youtube.com/watch?v=Txp6IwR24jY",
+ "refsource": "MISC",
+ "url": "https://www.youtube.com/watch?v=Txp6IwR24jY"
+ },
+ {
+ "name": "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3",
+ "refsource": "MISC",
+ "url": "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3"
+ },
+ {
+ "name": "https://www.youtube.com/watch?v=RWw1UTeZee8",
+ "refsource": "MISC",
+ "url": "https://www.youtube.com/watch?v=RWw1UTeZee8"
+ },
+ {
+ "name": "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/",
+ "refsource": "MISC",
+ "url": "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/"
+ },
+ {
+ "name": "https://www.youtube.com/watch?v=efmvL235S-8",
+ "refsource": "MISC",
+ "url": "https://www.youtube.com/watch?v=efmvL235S-8"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17731.json b/2017/17xxx/CVE-2017-17731.json
index 378e894efb8..0d002b6d055 100644
--- a/2017/17xxx/CVE-2017-17731.json
+++ b/2017/17xxx/CVE-2017-17731.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17731",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17731",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://0day5.com/archives/1346/",
- "refsource" : "MISC",
- "url" : "http://0day5.com/archives/1346/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://0day5.com/archives/1346/",
+ "refsource": "MISC",
+ "url": "http://0day5.com/archives/1346/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17761.json b/2017/17xxx/CVE-2017-17761.json
index 57d9cdfd5c7..0930ebac60f 100644
--- a/2017/17xxx/CVE-2017-17761.json
+++ b/2017/17xxx/CVE-2017-17761.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17761",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered on Ichano AtHome IP Camera devices. The device runs the \"noodles\" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the \"system\" XML element for specifying the command. For example, a id command results in a ok response."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17761",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blogs.securiteam.com/index.php/archives/3576",
- "refsource" : "MISC",
- "url" : "https://blogs.securiteam.com/index.php/archives/3576"
- },
- {
- "name" : "102974",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102974"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on Ichano AtHome IP Camera devices. The device runs the \"noodles\" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the \"system\" XML element for specifying the command. For example, a id command results in a ok response."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "102974",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102974"
+ },
+ {
+ "name": "https://blogs.securiteam.com/index.php/archives/3576",
+ "refsource": "MISC",
+ "url": "https://blogs.securiteam.com/index.php/archives/3576"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9213.json b/2017/9xxx/CVE-2017-9213.json
index 65d70726f45..d7fc4f46ed1 100644
--- a/2017/9xxx/CVE-2017-9213.json
+++ b/2017/9xxx/CVE-2017-9213.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9213",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9213",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9377.json b/2017/9xxx/CVE-2017-9377.json
index a1d519ab900..ff4583941f2 100644
--- a/2017/9xxx/CVE-2017-9377.json
+++ b/2017/9xxx/CVE-2017-9377.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9377",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9377",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.contextis.com/resources/advisories/cve-2017-9377",
- "refsource" : "MISC",
- "url" : "https://www.contextis.com/resources/advisories/cve-2017-9377"
- },
- {
- "name" : "https://www.barco.com/en/Support/software/R33050037",
- "refsource" : "CONFIRM",
- "url" : "https://www.barco.com/en/Support/software/R33050037"
- },
- {
- "name" : "https://www.barco.com/en/support/software/R33050020",
- "refsource" : "CONFIRM",
- "url" : "https://www.barco.com/en/support/software/R33050020"
- },
- {
- "name" : "101617",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/101617"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.barco.com/en/support/software/R33050020",
+ "refsource": "CONFIRM",
+ "url": "https://www.barco.com/en/support/software/R33050020"
+ },
+ {
+ "name": "https://www.barco.com/en/Support/software/R33050037",
+ "refsource": "CONFIRM",
+ "url": "https://www.barco.com/en/Support/software/R33050037"
+ },
+ {
+ "name": "https://www.contextis.com/resources/advisories/cve-2017-9377",
+ "refsource": "MISC",
+ "url": "https://www.contextis.com/resources/advisories/cve-2017-9377"
+ },
+ {
+ "name": "101617",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/101617"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9575.json b/2017/9xxx/CVE-2017-9575.json
index 8063e84869e..eadf128c53b 100644
--- a/2017/9xxx/CVE-2017-9575.json
+++ b/2017/9xxx/CVE-2017-9575.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9575",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The \"FVB Mobile Banking\" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9575",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
- "refsource" : "MISC",
- "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The \"FVB Mobile Banking\" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
+ "refsource": "MISC",
+ "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9587.json b/2017/9xxx/CVE-2017-9587.json
index 9b3f3c9e443..9f02aa19161 100644
--- a/2017/9xxx/CVE-2017-9587.json
+++ b/2017/9xxx/CVE-2017-9587.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9587",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The \"PCSB BANK Mobile\" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9587",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
- "refsource" : "MISC",
- "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The \"PCSB BANK Mobile\" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
+ "refsource": "MISC",
+ "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0303.json b/2018/0xxx/CVE-2018-0303.json
index a1056e22574..d9a8126fab8 100644
--- a/2018/0xxx/CVE-2018-0303.json
+++ b/2018/0xxx/CVE-2018-0303.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2018-0303",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco FXOS and NX-OS unknown",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco FXOS and NX-OS unknown"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. This vulnerability affects the following if configured to use Cisco Discovery Protocol: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc22202, CSCvc22205, CSCvc22208, CSCvc88078, CSCvc88150, CSCvc88159, CSCvc88162, CSCvc88167."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-20"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2018-0303",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco FXOS and NX-OS unknown",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco FXOS and NX-OS unknown"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos"
- },
- {
- "name" : "1041169",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041169"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. This vulnerability affects the following if configured to use Cisco Discovery Protocol: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc22202, CSCvc22205, CSCvc22208, CSCvc88078, CSCvc88150, CSCvc88159, CSCvc88162, CSCvc88167."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos"
+ },
+ {
+ "name": "1041169",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041169"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0660.json b/2018/0xxx/CVE-2018-0660.json
index 9f45dcbdf09..2990e339c63 100644
--- a/2018/0xxx/CVE-2018-0660.json
+++ b/2018/0xxx/CVE-2018-0660.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2018-0660",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "AttacheCase",
- "version" : {
- "version_data" : [
- {
- "version_value" : "ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "HiBARA Software"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2018-0660",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AttacheCase",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "HiBARA Software"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://hibara.org/software/attachecase/?lang=en",
- "refsource" : "CONFIRM",
- "url" : "https://hibara.org/software/attachecase/?lang=en"
- },
- {
- "name" : "JVN#62121133",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN62121133/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://hibara.org/software/attachecase/?lang=en",
+ "refsource": "CONFIRM",
+ "url": "https://hibara.org/software/attachecase/?lang=en"
+ },
+ {
+ "name": "JVN#62121133",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN62121133/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18123.json b/2018/18xxx/CVE-2018-18123.json
index 9479ae7a11d..2f00f386fe8 100644
--- a/2018/18xxx/CVE-2018-18123.json
+++ b/2018/18xxx/CVE-2018-18123.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18123",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18123",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18179.json b/2018/18xxx/CVE-2018-18179.json
index de5b5fd08ff..7b660cdcc39 100644
--- a/2018/18xxx/CVE-2018-18179.json
+++ b/2018/18xxx/CVE-2018-18179.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18179",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18179",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18885.json b/2018/18xxx/CVE-2018-18885.json
index 376aafb12f6..705d5cfc997 100644
--- a/2018/18xxx/CVE-2018-18885.json
+++ b/2018/18xxx/CVE-2018-18885.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18885",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18885",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19105.json b/2018/19xxx/CVE-2018-19105.json
index 92a24fb153e..7dd53c265ed 100644
--- a/2018/19xxx/CVE-2018-19105.json
+++ b/2018/19xxx/CVE-2018-19105.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19105",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19105",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://code610.blogspot.com/2018/11/crashing-librecad-213.html",
- "refsource" : "MISC",
- "url" : "https://code610.blogspot.com/2018/11/crashing-librecad-213.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://code610.blogspot.com/2018/11/crashing-librecad-213.html",
+ "refsource": "MISC",
+ "url": "https://code610.blogspot.com/2018/11/crashing-librecad-213.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19290.json b/2018/19xxx/CVE-2018-19290.json
index 6fa0a8e6e11..d3a7371d101 100644
--- a/2018/19xxx/CVE-2018-19290.json
+++ b/2018/19xxx/CVE-2018-19290.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19290",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the \"!calc 5 x 5\" command. In versions before 3.0, modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above, modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19290",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20181116 Budabot !calc Denial of Service",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2018/Nov/44"
- },
- {
- "name" : "http://packetstormsecurity.com/files/150391/Budabot-4.0-Denial-Of-Service.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/150391/Budabot-4.0-Denial-Of-Service.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the \"!calc 5 x 5\" command. In versions before 3.0, modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above, modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20181116 Budabot !calc Denial of Service",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2018/Nov/44"
+ },
+ {
+ "name": "http://packetstormsecurity.com/files/150391/Budabot-4.0-Denial-Of-Service.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/150391/Budabot-4.0-Denial-Of-Service.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19356.json b/2018/19xxx/CVE-2018-19356.json
index 6a6d171cb11..a125cd0c5a9 100644
--- a/2018/19xxx/CVE-2018-19356.json
+++ b/2018/19xxx/CVE-2018-19356.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19356",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19356",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19667.json b/2018/19xxx/CVE-2018-19667.json
index f563e6b0aad..f124591bd6b 100644
--- a/2018/19xxx/CVE-2018-19667.json
+++ b/2018/19xxx/CVE-2018-19667.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19667",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19667",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1163.json b/2018/1xxx/CVE-2018-1163.json
index a39f7fe8046..dec4daffd0e 100644
--- a/2018/1xxx/CVE-2018-1163.json
+++ b/2018/1xxx/CVE-2018-1163.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-1163",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Quest NetVault Backup",
- "version" : {
- "version_data" : [
- {
- "version_value" : "11.2.0.13"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Quest"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4752."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-287-Improper Authentication"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-1163",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Quest NetVault Backup",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.2.0.13"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Quest"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://zerodayinitiative.com/advisories/ZDI-18-006",
- "refsource" : "MISC",
- "url" : "https://zerodayinitiative.com/advisories/ZDI-18-006"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4752."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287-Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://zerodayinitiative.com/advisories/ZDI-18-006",
+ "refsource": "MISC",
+ "url": "https://zerodayinitiative.com/advisories/ZDI-18-006"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1172.json b/2018/1xxx/CVE-2018-1172.json
index d9de6f31cb4..de8700ba921 100644
--- a/2018/1xxx/CVE-2018-1172.json
+++ b/2018/1xxx/CVE-2018-1172.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-1172",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "The Squid Software Foundation Squid",
- "version" : {
- "version_data" : [
- {
- "version_value" : "3.5.27-20180318"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "The Squid Software Foundation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-476-NULL Pointer Dereference"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-1172",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "The Squid Software Foundation Squid",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.5.27-20180318"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "The Squid Software Foundation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://zerodayinitiative.com/advisories/ZDI-18-309",
- "refsource" : "MISC",
- "url" : "https://zerodayinitiative.com/advisories/ZDI-18-309"
- },
- {
- "name" : "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt",
- "refsource" : "CONFIRM",
- "url" : "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476-NULL Pointer Dereference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://zerodayinitiative.com/advisories/ZDI-18-309",
+ "refsource": "MISC",
+ "url": "https://zerodayinitiative.com/advisories/ZDI-18-309"
+ },
+ {
+ "name": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt",
+ "refsource": "CONFIRM",
+ "url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1746.json b/2018/1xxx/CVE-2018-1746.json
index e62a9980971..08e55d845cb 100644
--- a/2018/1xxx/CVE-2018-1746.json
+++ b/2018/1xxx/CVE-2018-1746.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1746",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-1746",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file