From 3d31e5ca36fc6fda5063c4d44be10c6c387f07df Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:16:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0036.json | 220 ++++++++--------- 2008/0xxx/CVE-2008-0052.json | 200 +++++++-------- 2008/0xxx/CVE-2008-0058.json | 200 +++++++-------- 2008/0xxx/CVE-2008-0529.json | 170 ++++++------- 2008/0xxx/CVE-2008-0908.json | 140 +++++------ 2008/1xxx/CVE-2008-1064.json | 130 +++++----- 2008/1xxx/CVE-2008-1657.json | 430 ++++++++++++++++----------------- 2008/1xxx/CVE-2008-1665.json | 180 +++++++------- 2008/1xxx/CVE-2008-1679.json | 400 +++++++++++++++--------------- 2008/1xxx/CVE-2008-1748.json | 170 ++++++------- 2008/4xxx/CVE-2008-4032.json | 170 ++++++------- 2008/4xxx/CVE-2008-4870.json | 200 +++++++-------- 2008/4xxx/CVE-2008-4949.json | 180 +++++++------- 2008/5xxx/CVE-2008-5042.json | 170 ++++++------- 2008/5xxx/CVE-2008-5603.json | 150 ++++++------ 2013/2xxx/CVE-2013-2666.json | 34 +-- 2013/3xxx/CVE-2013-3779.json | 160 ++++++------ 2013/3xxx/CVE-2013-3815.json | 34 +-- 2013/4xxx/CVE-2013-4917.json | 34 +-- 2013/6xxx/CVE-2013-6216.json | 130 +++++----- 2013/6xxx/CVE-2013-6574.json | 34 +-- 2013/6xxx/CVE-2013-6984.json | 34 +-- 2013/7xxx/CVE-2013-7166.json | 34 +-- 2013/7xxx/CVE-2013-7358.json | 130 +++++----- 2017/10xxx/CVE-2017-10003.json | 142 +++++------ 2017/10xxx/CVE-2017-10349.json | 316 ++++++++++++------------ 2017/10xxx/CVE-2017-10422.json | 142 +++++------ 2017/10xxx/CVE-2017-10599.json | 34 +-- 2017/10xxx/CVE-2017-10893.json | 120 ++++----- 2017/13xxx/CVE-2017-13479.json | 34 +-- 2017/13xxx/CVE-2017-13568.json | 34 +-- 2017/13xxx/CVE-2017-13606.json | 34 +-- 2017/13xxx/CVE-2017-13871.json | 140 +++++------ 2017/17xxx/CVE-2017-17171.json | 306 +++++++++++------------ 2017/17xxx/CVE-2017-17543.json | 162 ++++++------- 2017/17xxx/CVE-2017-17756.json | 34 +-- 2017/17xxx/CVE-2017-17838.json | 34 +-- 2017/9xxx/CVE-2017-9598.json | 120 ++++----- 2018/0xxx/CVE-2018-0036.json | 34 +-- 2018/0xxx/CVE-2018-0508.json | 130 +++++----- 2018/0xxx/CVE-2018-0514.json | 130 +++++----- 2018/0xxx/CVE-2018-0541.json | 120 ++++----- 2018/0xxx/CVE-2018-0747.json | 142 +++++------ 2018/0xxx/CVE-2018-0833.json | 162 ++++++------- 2018/18xxx/CVE-2018-18503.json | 142 +++++------ 2018/18xxx/CVE-2018-18927.json | 120 ++++----- 2018/19xxx/CVE-2018-19282.json | 34 +-- 2018/19xxx/CVE-2018-19374.json | 34 +-- 2018/19xxx/CVE-2018-19901.json | 120 ++++----- 2018/19xxx/CVE-2018-19930.json | 34 +-- 2018/1xxx/CVE-2018-1009.json | 320 ++++++++++++------------ 2018/1xxx/CVE-2018-1031.json | 34 +-- 2018/1xxx/CVE-2018-1086.json | 176 +++++++------- 2018/1xxx/CVE-2018-1368.json | 154 ++++++------ 2018/1xxx/CVE-2018-1471.json | 35 ++- 2018/1xxx/CVE-2018-1899.json | 184 +++++++------- 56 files changed, 3745 insertions(+), 3746 deletions(-) diff --git a/2008/0xxx/CVE-2008-0036.json b/2008/0xxx/CVE-2008-0036.json index f08609482ad..1bff11b1a94 100644 --- a/2008/0xxx/CVE-2008-0036.json +++ b/2008/0xxx/CVE-2008-0036.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2008-01-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307301", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307301" - }, - { - "name" : "APPLE-SA-2008-07-10", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html" - }, - { - "name" : "TA08-016A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-016A.html" - }, - { - "name" : "27300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27300" - }, - { - "name" : "ADV-2008-0148", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0148" - }, - { - "name" : "ADV-2008-2064", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2064/references" - }, - { - "name" : "1019221", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019221" - }, - { - "name" : "28502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28502" - }, - { - "name" : "31034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31034" - }, - { - "name" : "quicktime-pict-bo(39698)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28502" + }, + { + "name": "ADV-2008-2064", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2064/references" + }, + { + "name": "31034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31034" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307301", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307301" + }, + { + "name": "TA08-016A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html" + }, + { + "name": "APPLE-SA-2008-07-10", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html" + }, + { + "name": "APPLE-SA-2008-01-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html" + }, + { + "name": "27300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27300" + }, + { + "name": "ADV-2008-0148", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0148" + }, + { + "name": "quicktime-pict-bo(39698)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39698" + }, + { + "name": "1019221", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019221" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0052.json b/2008/0xxx/CVE-2008-0052.json index 9fc978493f0..fd28459ca85 100644 --- a/2008/0xxx/CVE-2008-0052.json +++ b/2008/0xxx/CVE-2008-0052.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the \"Open 'Safe' files\" preference is set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "TA08-079A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" - }, - { - "name" : "28304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28304" - }, - { - "name" : "28384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28384" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "1019671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019671" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "macos-coreservices-weak-security(41312)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the \"Open 'Safe' files\" preference is set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28304" + }, + { + "name": "TA08-079A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "macos-coreservices-weak-security(41312)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41312" + }, + { + "name": "28384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28384" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "1019671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019671" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0058.json b/2008/0xxx/CVE-2008-0058.json index f99542eae76..9608739056d 100644 --- a/2008/0xxx/CVE-2008-0058.json +++ b/2008/0xxx/CVE-2008-0058.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "TA08-079A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" - }, - { - "name" : "28304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28304" - }, - { - "name" : "28359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28359" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "1019650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019650" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "macos-foundation-nsurl-code-execution(41297)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28359" + }, + { + "name": "28304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28304" + }, + { + "name": "1019650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019650" + }, + { + "name": "macos-foundation-nsurl-code-execution(41297)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41297" + }, + { + "name": "TA08-079A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0529.json b/2008/0xxx/CVE-2008-0529.json index 8e2b991fab5..eea13790e13 100644 --- a/2008/0xxx/CVE-2008-0529.json +++ b/2008/0xxx/CVE-2008-0529.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-0529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml" - }, - { - "name" : "27774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27774" - }, - { - "name" : "ADV-2008-0543", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0543" - }, - { - "name" : "1019410", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019410" - }, - { - "name" : "28935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28935" - }, - { - "name" : "cisco-unifiedipphone-telnet-bo(40493)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml" + }, + { + "name": "1019410", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019410" + }, + { + "name": "27774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27774" + }, + { + "name": "ADV-2008-0543", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0543" + }, + { + "name": "cisco-unifiedipphone-telnet-bo(40493)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40493" + }, + { + "name": "28935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28935" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0908.json b/2008/0xxx/CVE-2008-0908.json index 66ce5b32611..f473e343b19 100644 --- a/2008/0xxx/CVE-2008-0908.json +++ b/2008/0xxx/CVE-2008-0908.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to execute arbitrary SQL commands via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27903" - }, - { - "name" : "29034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29034" - }, - { - "name" : "schoolwires-browse-sql-injection(40687)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to execute arbitrary SQL commands via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "schoolwires-browse-sql-injection(40687)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40687" + }, + { + "name": "27903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27903" + }, + { + "name": "29034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29034" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1064.json b/2008/1xxx/CVE-2008-1064.json index 93c2c05c4d9..8b3b076ebb7 100644 --- a/2008/1xxx/CVE-2008-1064.json +++ b/2008/1xxx/CVE-2008-1064.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xssing.com/index.php?x=3&y=12", - "refsource" : "MISC", - "url" : "http://www.xssing.com/index.php?x=3&y=12" - }, - { - "name" : "rmsoftgallerysystem-images-xss(41013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rmsoftgallerysystem-images-xss(41013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41013" + }, + { + "name": "http://www.xssing.com/index.php?x=3&y=12", + "refsource": "MISC", + "url": "http://www.xssing.com/index.php?x=3&y=12" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1657.json b/2008/1xxx/CVE-2008-1657.json index 5f46e41d9c1..6b3be9e6dd6 100644 --- a/2008/1xxx/CVE-2008-1657.json +++ b/2008/1xxx/CVE-2008-1657.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490488/100/0/threaded" - }, - { - "name" : "http://www.openssh.com/txt/release-4.9", - "refsource" : "CONFIRM", - "url" : "http://www.openssh.com/txt/release-4.9" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2419", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2419" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc" - }, - { - "name" : "http://support.attachmate.com/techdocs/2374.html", - "refsource" : "CONFIRM", - "url" : "http://support.attachmate.com/techdocs/2374.html" - }, - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "GLSA-200804-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml" - }, - { - "name" : "MDVSA-2008:098", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098" - }, - { - "name" : "NetBSD-SA2008-005", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc" - }, - { - "name" : "[4.3] 001: SECURITY FIX: March 30, 2008", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata43.html#001_openssh" - }, - { - "name" : "SUSE-SR:2008:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html" - }, - { - "name" : "USN-649-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-649-1" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "28531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28531" - }, - { - "name" : "ADV-2008-1035", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1035/references" - }, - { - "name" : "ADV-2008-1624", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1624/references" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "ADV-2008-2396", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2396" - }, - { - "name" : "1019733", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019733" - }, - { - "name" : "29602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29602" - }, - { - "name" : "29609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29609" - }, - { - "name" : "29683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29683" - }, - { - "name" : "29693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29693" - }, - { - "name" : "29735", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29735" - }, - { - "name" : "29939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29939" - }, - { - "name" : "30361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30361" - }, - { - "name" : "31531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31531" - }, - { - "name" : "31882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31882" - }, - { - "name" : "32080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32080" - }, - { - "name" : "32110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32110" - }, - { - "name" : "openssh-forcecommand-command-execution(41549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28531" + }, + { + "name": "http://support.attachmate.com/techdocs/2374.html", + "refsource": "CONFIRM", + "url": "http://support.attachmate.com/techdocs/2374.html" + }, + { + "name": "USN-649-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-649-1" + }, + { + "name": "32110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32110" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2419", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2419" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "29609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29609" + }, + { + "name": "31531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31531" + }, + { + "name": "[4.3] 001: SECURITY FIX: March 30, 2008", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata43.html#001_openssh" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "http://www.openssh.com/txt/release-4.9", + "refsource": "CONFIRM", + "url": "http://www.openssh.com/txt/release-4.9" + }, + { + "name": "1019733", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019733" + }, + { + "name": "ADV-2008-1624", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1624/references" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "29735", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29735" + }, + { + "name": "29683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29683" + }, + { + "name": "30361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30361" + }, + { + "name": "31882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31882" + }, + { + "name": "SUSE-SR:2008:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html" + }, + { + "name": "32080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32080" + }, + { + "name": "ADV-2008-2396", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2396" + }, + { + "name": "29939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29939" + }, + { + "name": "ADV-2008-1035", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1035/references" + }, + { + "name": "29602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29602" + }, + { + "name": "20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490488/100/0/threaded" + }, + { + "name": "NetBSD-SA2008-005", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139" + }, + { + "name": "29693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29693" + }, + { + "name": "MDVSA-2008:098", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098" + }, + { + "name": "GLSA-200804-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml" + }, + { + "name": "openssh-forcecommand-command-execution(41549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1665.json b/2008/1xxx/CVE-2008-1665.json index 229424c8339..9e2d61030ba 100644 --- a/2008/1xxx/CVE-2008-1665.json +++ b/2008/1xxx/CVE-2008-1665.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Active Directory Bidirectional LDAP Connector 2.20, 2.20.001, 2.20.002, and 2.30 allow remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02346", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01502023" - }, - { - "name" : "SSRT080097", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01502023" - }, - { - "name" : "30250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30250" - }, - { - "name" : "ADV-2008-2119", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2119/references" - }, - { - "name" : "1020512", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020512" - }, - { - "name" : "31148", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31148" - }, - { - "name" : "hpselect-adb-unspecified-unauth-access(43847)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Active Directory Bidirectional LDAP Connector 2.20, 2.20.001, 2.20.002, and 2.30 allow remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020512", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020512" + }, + { + "name": "hpselect-adb-unspecified-unauth-access(43847)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43847" + }, + { + "name": "30250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30250" + }, + { + "name": "HPSBMA02346", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01502023" + }, + { + "name": "ADV-2008-2119", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2119/references" + }, + { + "name": "31148", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31148" + }, + { + "name": "SSRT080097", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01502023" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1679.json b/2008/1xxx/CVE-2008-1679.json index 354c870979f..542a3da7146 100644 --- a/2008/1xxx/CVE-2008-1679.json +++ b/2008/1xxx/CVE-2008-1679.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.python.org/msg64682", - "refsource" : "MISC", - "url" : "http://bugs.python.org/msg64682" - }, - { - "name" : "http://bugs.python.org/issue1179", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue1179" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2424", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2424" - }, - { - "name" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900" - }, - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100074697", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100074697" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "DSA-1551", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1551" - }, - { - "name" : "DSA-1620", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1620" - }, - { - "name" : "GLSA-200807-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200807-01.xml" - }, - { - "name" : "MDVSA-2008:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163" - }, - { - "name" : "MDVSA-2008:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:164" - }, - { - "name" : "SSA:2008-217-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289" - }, - { - "name" : "SUSE-SR:2008:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" - }, - { - "name" : "USN-632-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-632-1" - }, - { - "name" : "oval:org.mitre.oval:def:10583", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10583" - }, - { - "name" : "oval:org.mitre.oval:def:7800", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7800" - }, - { - "name" : "29889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29889" - }, - { - "name" : "29955", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29955" - }, - { - "name" : "30872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30872" - }, - { - "name" : "31255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31255" - }, - { - "name" : "31358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31358" - }, - { - "name" : "31365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31365" - }, - { - "name" : "31518", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31518" - }, - { - "name" : "31687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31687" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - }, - { - "name" : "38675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38675" - }, - { - "name" : "python-imageopc-bo(41958)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2008:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" + }, + { + "name": "GLSA-200807-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml" + }, + { + "name": "30872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30872" + }, + { + "name": "38675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38675" + }, + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": "29955", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29955" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2424", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2424" + }, + { + "name": "31687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31687" + }, + { + "name": "DSA-1551", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1551" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "oval:org.mitre.oval:def:10583", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10583" + }, + { + "name": "http://bugs.python.org/msg64682", + "refsource": "MISC", + "url": "http://bugs.python.org/msg64682" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "31358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31358" + }, + { + "name": "oval:org.mitre.oval:def:7800", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7800" + }, + { + "name": "USN-632-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-632-1" + }, + { + "name": "MDVSA-2008:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:164" + }, + { + "name": "31518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31518" + }, + { + "name": "http://bugs.python.org/issue1179", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue1179" + }, + { + "name": "31365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31365" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100074697", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100074697" + }, + { + "name": "31255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31255" + }, + { + "name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900" + }, + { + "name": "DSA-1620", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1620" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149" + }, + { + "name": "MDVSA-2008:163", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163" + }, + { + "name": "python-imageopc-bo(41958)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41958" + }, + { + "name": "SSA:2008-217-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289" + }, + { + "name": "29889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29889" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1748.json b/2008/1xxx/CVE-2008-1748.json index 9fd5fe1d7b3..7502e50eec8 100644 --- a/2008/1xxx/CVE-2008-1748.json +++ b/2008/1xxx/CVE-2008-1748.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-1748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml" - }, - { - "name" : "29221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29221" - }, - { - "name" : "ADV-2008-1533", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1533" - }, - { - "name" : "1020022", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020022" - }, - { - "name" : "30238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30238" - }, - { - "name" : "cucm-invite-dos(42419)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml" + }, + { + "name": "ADV-2008-1533", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1533" + }, + { + "name": "29221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29221" + }, + { + "name": "cucm-invite-dos(42419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42419" + }, + { + "name": "30238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30238" + }, + { + "name": "1020022", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020022" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4032.json b/2008/4xxx/CVE-2008-4032.json index 0f50ee0156e..073e7040a7b 100644 --- a/2008/4xxx/CVE-2008-4032.json +++ b/2008/4xxx/CVE-2008-4032.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and \"create scripts that would run in the context of the site\" via requests to administrative URIs, aka \"Access Control Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-4032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS08-077", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077" - }, - { - "name" : "TA08-344A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" - }, - { - "name" : "oval:org.mitre.oval:def:5774", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774" - }, - { - "name" : "33063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33063" - }, - { - "name" : "ADV-2008-3389", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3389" - }, - { - "name" : "1021367", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and \"create scripts that would run in the context of the site\" via requests to administrative URIs, aka \"Access Control Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021367", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021367" + }, + { + "name": "ADV-2008-3389", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3389" + }, + { + "name": "oval:org.mitre.oval:def:5774", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774" + }, + { + "name": "33063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33063" + }, + { + "name": "TA08-344A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" + }, + { + "name": "MS08-077", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4870.json b/2008/4xxx/CVE-2008-4870.json index 8321a029f34..223808da4c7 100644 --- a/2008/4xxx/CVE-2008-4870.json +++ b/2008/4xxx/CVE-2008-4870.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081029 CVE Request (dovecot)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/29/10" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=436287", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=436287" - }, - { - "name" : "GLSA-200812-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-16.xml" - }, - { - "name" : "RHSA-2009:0205", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0205.html" - }, - { - "name" : "oval:org.mitre.oval:def:10776", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10776" - }, - { - "name" : "33149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33149" - }, - { - "name" : "32164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32164" - }, - { - "name" : "33624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33624" - }, - { - "name" : "dovecot-dovecot-information-disclosure(46323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32164" + }, + { + "name": "[oss-security] 20081029 CVE Request (dovecot)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/29/10" + }, + { + "name": "33149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33149" + }, + { + "name": "dovecot-dovecot-information-disclosure(46323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46323" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=436287", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436287" + }, + { + "name": "GLSA-200812-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-16.xml" + }, + { + "name": "RHSA-2009:0205", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0205.html" + }, + { + "name": "33624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33624" + }, + { + "name": "oval:org.mitre.oval:def:10776", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10776" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4949.json b/2008/4xxx/CVE-2008-4949.json index b3c170ee500..69407b7ffa0 100644 --- a/2008/4xxx/CVE-2008-4949.json +++ b/2008/4xxx/CVE-2008-4949.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://uvw.ru/report.lenny.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.lenny.txt" - }, - { - "name" : "http://bugs.debian.org/496412", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/496412" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/dist", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/dist" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "30908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30908" - }, - { - "name" : "dist-file-symlink(44818)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "30908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30908" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "http://bugs.debian.org/496412", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/496412" + }, + { + "name": "http://uvw.ru/report.lenny.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.lenny.txt" + }, + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/dist", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/dist" + }, + { + "name": "dist-file-symlink(44818)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44818" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5042.json b/2008/5xxx/CVE-2008-5042.json index 913fac27ac6..4865265afa0 100644 --- a/2008/5xxx/CVE-2008-5042.json +++ b/2008/5xxx/CVE-2008-5042.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7070", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7070" - }, - { - "name" : "32223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32223" - }, - { - "name" : "ADV-2008-3065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3065" - }, - { - "name" : "32601", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32601" - }, - { - "name" : "4574", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4574" - }, - { - "name" : "photovideotube-main-auth-bypass(46501)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "photovideotube-main-auth-bypass(46501)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46501" + }, + { + "name": "32223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32223" + }, + { + "name": "7070", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7070" + }, + { + "name": "4574", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4574" + }, + { + "name": "32601", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32601" + }, + { + "name": "ADV-2008-3065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3065" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5603.json b/2008/5xxx/CVE-2008-5603.json index b755bf9faa0..acfec8ec951 100644 --- a/2008/5xxx/CVE-2008-5603.json +++ b/2008/5xxx/CVE-2008-5603.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7359", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7359" - }, - { - "name" : "23573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23573" - }, - { - "name" : "4762", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4762" - }, - { - "name" : "aspticker-news-info-disclosure(47143)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspticker-news-info-disclosure(47143)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47143" + }, + { + "name": "7359", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7359" + }, + { + "name": "4762", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4762" + }, + { + "name": "23573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23573" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2666.json b/2013/2xxx/CVE-2013-2666.json index 670cb91b07a..f2743671b35 100644 --- a/2013/2xxx/CVE-2013-2666.json +++ b/2013/2xxx/CVE-2013-2666.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2666", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2666", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3779.json b/2013/3xxx/CVE-2013-3779.json index 9e6e1a1727c..ad62cbe327a 100644 --- a/2013/3xxx/CVE-2013-3779.json +++ b/2013/3xxx/CVE-2013-3779.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "61226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61226" - }, - { - "name" : "95319", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95319" - }, - { - "name" : "1028793", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028793" - }, - { - "name" : "54238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "54238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54238" + }, + { + "name": "1028793", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028793" + }, + { + "name": "95319", + "refsource": "OSVDB", + "url": "http://osvdb.org/95319" + }, + { + "name": "61226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61226" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3815.json b/2013/3xxx/CVE-2013-3815.json index b9c4ec99ce2..2ef573645d3 100644 --- a/2013/3xxx/CVE-2013-3815.json +++ b/2013/3xxx/CVE-2013-3815.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3815", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-3815", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4917.json b/2013/4xxx/CVE-2013-4917.json index 0cde9806859..55da76b450c 100644 --- a/2013/4xxx/CVE-2013-4917.json +++ b/2013/4xxx/CVE-2013-4917.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4917", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4917", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6216.json b/2013/6xxx/CVE-2013-6216.json index ad8aeebfd61..bfa95d8eea7 100644 --- a/2013/6xxx/CVE-2013-6216.json +++ b/2013/6xxx/CVE-2013-6216.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-6216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02980", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04187357" - }, - { - "name" : "SSRT101452", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04187357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBST02980", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04187357" + }, + { + "name": "SSRT101452", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04187357" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6574.json b/2013/6xxx/CVE-2013-6574.json index f3aa5fabd8e..e6ba6406dd1 100644 --- a/2013/6xxx/CVE-2013-6574.json +++ b/2013/6xxx/CVE-2013-6574.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6574", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6574", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6984.json b/2013/6xxx/CVE-2013-6984.json index 50061cc14fe..30d55543a26 100644 --- a/2013/6xxx/CVE-2013-6984.json +++ b/2013/6xxx/CVE-2013-6984.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6984", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6984", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7166.json b/2013/7xxx/CVE-2013-7166.json index 8302dc6fbec..5ed98bb0649 100644 --- a/2013/7xxx/CVE-2013-7166.json +++ b/2013/7xxx/CVE-2013-7166.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7166", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-7166", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7358.json b/2013/7xxx/CVE-2013-7358.json index 264ae9c6145..dfbc8f1e7b1 100644 --- a/2013/7xxx/CVE-2013-7358.json +++ b/2013/7xxx/CVE-2013-7358.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-011", - "refsource" : "MISC", - "url" : "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-011" - }, - { - "name" : "http://www.onapsis.com/research-advisories.php", - "refsource" : "MISC", - "url" : "http://www.onapsis.com/research-advisories.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-011", + "refsource": "MISC", + "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-011" + }, + { + "name": "http://www.onapsis.com/research-advisories.php", + "refsource": "MISC", + "url": "http://www.onapsis.com/research-advisories.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10003.json b/2017/10xxx/CVE-2017-10003.json index eb0efa142d7..8737b9d2a46 100644 --- a/2017/10xxx/CVE-2017-10003.json +++ b/2017/10xxx/CVE-2017-10003.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Operating System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "10" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library). The supported version that is affected is 10. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99848" - }, - { - "name" : "1038938", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library). The supported version that is affected is 10. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99848" + }, + { + "name": "1038938", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038938" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10349.json b/2017/10xxx/CVE-2017-10349.json index a10c0cb32bc..887a38fed59 100644 --- a/2017/10xxx/CVE-2017-10349.json +++ b/2017/10xxx/CVE-2017-10349.json @@ -1,160 +1,160 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u161" - }, - { - "version_affected" : "=", - "version_value" : "7u151" - }, - { - "version_affected" : "=", - "version_value" : "8u144" - }, - { - "version_affected" : "=", - "version_value" : "9; Java SE Embedded: 8u144" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u161" + }, + { + "version_affected": "=", + "version_value": "7u151" + }, + { + "version_affected": "=", + "version_value": "8u144" + }, + { + "version_affected": "=", + "version_value": "9; Java SE Embedded: 8u144" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171019-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171019-0001/" - }, - { - "name" : "DSA-4015", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4015" - }, - { - "name" : "DSA-4048", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4048" - }, - { - "name" : "GLSA-201710-31", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-31" - }, - { - "name" : "GLSA-201711-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-14" - }, - { - "name" : "RHSA-2017:3264", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3264" - }, - { - "name" : "RHSA-2017:3267", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3267" - }, - { - "name" : "RHSA-2017:3268", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3268" - }, - { - "name" : "RHSA-2017:2998", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2998" - }, - { - "name" : "RHSA-2017:3392", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3392" - }, - { - "name" : "RHSA-2017:3046", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3046" - }, - { - "name" : "RHSA-2017:3047", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3047" - }, - { - "name" : "RHSA-2017:2999", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2999" - }, - { - "name" : "RHSA-2017:3453", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3453" - }, - { - "name" : "101348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101348" - }, - { - "name" : "1039596", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3047", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3047" + }, + { + "name": "GLSA-201711-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-14" + }, + { + "name": "101348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101348" + }, + { + "name": "DSA-4015", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4015" + }, + { + "name": "RHSA-2017:3267", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3267" + }, + { + "name": "RHSA-2017:2998", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2998" + }, + { + "name": "RHSA-2017:3268", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3268" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "RHSA-2017:3046", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3046" + }, + { + "name": "1039596", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039596" + }, + { + "name": "GLSA-201710-31", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-31" + }, + { + "name": "RHSA-2017:3264", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3264" + }, + { + "name": "DSA-4048", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4048" + }, + { + "name": "RHSA-2017:3453", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3453" + }, + { + "name": "RHSA-2017:3392", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3392" + }, + { + "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" + }, + { + "name": "RHSA-2017:2999", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2999" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10422.json b/2017/10xxx/CVE-2017-10422.json index ce27e56da74..8e2904792c8 100644 --- a/2017/10xxx/CVE-2017-10422.json +++ b/2017/10xxx/CVE-2017-10422.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). The supported version that is affected is 8.54. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101473" - }, - { - "name" : "1039598", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). The supported version that is affected is 8.54. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039598", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039598" + }, + { + "name": "101473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101473" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10599.json b/2017/10xxx/CVE-2017-10599.json index 4c89970a43a..499e6cd34a9 100644 --- a/2017/10xxx/CVE-2017-10599.json +++ b/2017/10xxx/CVE-2017-10599.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10599", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10599", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10893.json b/2017/10xxx/CVE-2017-10893.json index 93db76e6eee..b4febf9f843 100644 --- a/2017/10xxx/CVE-2017-10893.json +++ b/2017/10xxx/CVE-2017-10893.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The Public Certification Service for Individuals \"The JPKI user's software\"", - "version" : { - "version_data" : [ - { - "version_value" : "Ver3.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Japan Agency for Local Authority Information Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in The Public Certification Service for Individuals \"The JPKI user's software\" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The Public Certification Service for Individuals \"The JPKI user's software\"", + "version": { + "version_data": [ + { + "version_value": "Ver3.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Japan Agency for Local Authority Information Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#30352845", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN30352845/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in The Public Certification Service for Individuals \"The JPKI user's software\" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#30352845", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN30352845/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13479.json b/2017/13xxx/CVE-2017-13479.json index f15585b006d..c481573dd6a 100644 --- a/2017/13xxx/CVE-2017-13479.json +++ b/2017/13xxx/CVE-2017-13479.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13479", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13479", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13568.json b/2017/13xxx/CVE-2017-13568.json index 92dd7d27d81..81f6b7a835e 100644 --- a/2017/13xxx/CVE-2017-13568.json +++ b/2017/13xxx/CVE-2017-13568.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13568", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13568", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13606.json b/2017/13xxx/CVE-2017-13606.json index 1f6e97c5955..da48bd2b9f4 100644 --- a/2017/13xxx/CVE-2017-13606.json +++ b/2017/13xxx/CVE-2017-13606.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13606", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13606", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13871.json b/2017/13xxx/CVE-2017-13871.json index 98da747d31e..66f488e2aea 100644 --- a/2017/13xxx/CVE-2017-13871.json +++ b/2017/13xxx/CVE-2017-13871.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"Mail\" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208331", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208331" - }, - { - "name" : "102099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102099" - }, - { - "name" : "1039966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"Mail\" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208331", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208331" + }, + { + "name": "1039966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039966" + }, + { + "name": "102099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102099" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17171.json b/2017/17xxx/CVE-2017-17171.json index 160786e7294..c07e11fd421 100644 --- a/2017/17xxx/CVE-2017-17171.json +++ b/2017/17xxx/CVE-2017-17171.json @@ -1,155 +1,155 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HUAWEI Mate 8; HUAWEI P9; HUAWEI P9 Plus", - "version" : { - "version_data" : [ - { - "version_value" : "HUAWEI Mate 8 Versions earlier than NXT-AL10C00B592" - }, - { - "version_value" : "Versions earlier than NXT-CL00C92B592" - }, - { - "version_value" : "Versions earlier than NXT-DL00C17B592" - }, - { - "version_value" : "Versions earlier than NXT-L09AC636B220" - }, - { - "version_value" : "Versions earlier than NXT-L09C185B582" - }, - { - "version_value" : "Versions earlier than NXT-L09C432B581" - }, - { - "version_value" : "Versions earlier than NXT-L09C605B585" - }, - { - "version_value" : "Versions earlier than NXT-L29C10B580" - }, - { - "version_value" : "Versions earlier than NXT-L29C185B582" - }, - { - "version_value" : "Versions earlier than NXT-L29C636B589" - }, - { - "version_value" : "Versions earlier than NXT-TL00C01B592" - }, - { - "version_value" : "HUAWEI P9 Versions earlier than EVA-AL00C00B398" - }, - { - "version_value" : "Versions earlier than EVA-AL10C00B398" - }, - { - "version_value" : "Versions earlier than EVA-CL00C92B398" - }, - { - "version_value" : "Versions earlier than EVA-DL00C17B398" - }, - { - "version_value" : "Versions earlier than EVA-L09C185B391" - }, - { - "version_value" : "Versions earlier than EVA-L09C432B395" - }, - { - "version_value" : "Versions earlier than EVA-L09C464B383" - }, - { - "version_value" : "Versions earlier than EVA-L09C605B392" - }, - { - "version_value" : "Versions earlier than EVA-L09C635B391" - }, - { - "version_value" : "Versions earlier than EVA-L09C636B388" - }, - { - "version_value" : "Versions earlier than EVA-L19C10B394" - }, - { - "version_value" : "Versions earlier than EVA-L19C432B392" - }, - { - "version_value" : "Versions earlier than EVA-L19C605B390" - }, - { - "version_value" : "Versions earlier than EVA-L19C636B393" - }, - { - "version_value" : "Versions earlier than EVA-L29C636B389" - }, - { - "version_value" : "Versions earlier than EVA-TL00C01B398" - }, - { - "version_value" : "HUAWEI P9 Plus Versions earlier than VIE-L09C318B182" - }, - { - "version_value" : "Versions earlier than VIE-L09C432B380" - }, - { - "version_value" : "Versions earlier than VIE-L09C576B180" - }, - { - "version_value" : "Versions earlier than VIE-L29C605B370" - }, - { - "version_value" : "Versions earlier than VIE-L29C636B388" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HUAWEI Mate 8; HUAWEI P9; HUAWEI P9 Plus", + "version": { + "version_data": [ + { + "version_value": "HUAWEI Mate 8 Versions earlier than NXT-AL10C00B592" + }, + { + "version_value": "Versions earlier than NXT-CL00C92B592" + }, + { + "version_value": "Versions earlier than NXT-DL00C17B592" + }, + { + "version_value": "Versions earlier than NXT-L09AC636B220" + }, + { + "version_value": "Versions earlier than NXT-L09C185B582" + }, + { + "version_value": "Versions earlier than NXT-L09C432B581" + }, + { + "version_value": "Versions earlier than NXT-L09C605B585" + }, + { + "version_value": "Versions earlier than NXT-L29C10B580" + }, + { + "version_value": "Versions earlier than NXT-L29C185B582" + }, + { + "version_value": "Versions earlier than NXT-L29C636B589" + }, + { + "version_value": "Versions earlier than NXT-TL00C01B592" + }, + { + "version_value": "HUAWEI P9 Versions earlier than EVA-AL00C00B398" + }, + { + "version_value": "Versions earlier than EVA-AL10C00B398" + }, + { + "version_value": "Versions earlier than EVA-CL00C92B398" + }, + { + "version_value": "Versions earlier than EVA-DL00C17B398" + }, + { + "version_value": "Versions earlier than EVA-L09C185B391" + }, + { + "version_value": "Versions earlier than EVA-L09C432B395" + }, + { + "version_value": "Versions earlier than EVA-L09C464B383" + }, + { + "version_value": "Versions earlier than EVA-L09C605B392" + }, + { + "version_value": "Versions earlier than EVA-L09C635B391" + }, + { + "version_value": "Versions earlier than EVA-L09C636B388" + }, + { + "version_value": "Versions earlier than EVA-L19C10B394" + }, + { + "version_value": "Versions earlier than EVA-L19C432B392" + }, + { + "version_value": "Versions earlier than EVA-L19C605B390" + }, + { + "version_value": "Versions earlier than EVA-L19C636B393" + }, + { + "version_value": "Versions earlier than EVA-L29C636B389" + }, + { + "version_value": "Versions earlier than EVA-TL00C01B398" + }, + { + "version_value": "HUAWEI P9 Plus Versions earlier than VIE-L09C318B182" + }, + { + "version_value": "Versions earlier than VIE-L09C432B380" + }, + { + "version_value": "Versions earlier than VIE-L09C576B180" + }, + { + "version_value": "Versions earlier than VIE-L29C605B370" + }, + { + "version_value": "Versions earlier than VIE-L29C636B388" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17543.json b/2017/17xxx/CVE-2017-17543.json index 82a9e2958b5..111cca78e49 100644 --- a/2017/17xxx/CVE-2017-17543.json +++ b/2017/17xxx/CVE-2017-17543.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "DATE_PUBLIC" : "2017-12-07T00:00:00", - "ID" : "CVE-2017-17543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FortiClient for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "5.6.0 and below versions" - } - ] - } - }, - { - "product_name" : "FortiClient for Mac OSX", - "version" : { - "version_data" : [ - { - "version_value" : "5.6.0 and below versions" - } - ] - } - }, - { - "product_name" : "FortiClient SSLVPN Client for Linux", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.2335 and below versions" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "DATE_PUBLIC": "2017-12-07T00:00:00", + "ID": "CVE-2017-17543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FortiClient for Windows", + "version": { + "version_data": [ + { + "version_value": "5.6.0 and below versions" + } + ] + } + }, + { + "product_name": "FortiClient for Mac OSX", + "version": { + "version_data": [ + { + "version_value": "5.6.0 and below versions" + } + ] + } + }, + { + "product_name": "FortiClient SSLVPN Client for Linux", + "version": { + "version_data": [ + { + "version_value": "4.4.2335 and below versions" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/advisory/FG-IR-17-313", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/advisory/FG-IR-17-313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/advisory/FG-IR-17-313", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/advisory/FG-IR-17-313" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17756.json b/2017/17xxx/CVE-2017-17756.json index 6292510b184..a0aa981aa0f 100644 --- a/2017/17xxx/CVE-2017-17756.json +++ b/2017/17xxx/CVE-2017-17756.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17756", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17756", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17838.json b/2017/17xxx/CVE-2017-17838.json index 72ab7393eb5..48ae4cb4d54 100644 --- a/2017/17xxx/CVE-2017-17838.json +++ b/2017/17xxx/CVE-2017-17838.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17838", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17838", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9598.json b/2017/9xxx/CVE-2017-9598.json index e9e779c5ca2..c474c56e222 100644 --- a/2017/9xxx/CVE-2017-9598.json +++ b/2017/9xxx/CVE-2017-9598.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Morton Credit Union Mobile Banking\" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Morton Credit Union Mobile Banking\" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0036.json b/2018/0xxx/CVE-2018-0036.json index 8bbb23e6cd5..72a341beea7 100644 --- a/2018/0xxx/CVE-2018-0036.json +++ b/2018/0xxx/CVE-2018-0036.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0036", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0036", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0508.json b/2018/0xxx/CVE-2018-0508.json index fe834c49abf..49df0eddf1f 100644 --- a/2018/0xxx/CVE-2018-0508.json +++ b/2018/0xxx/CVE-2018-0508.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "epg search result viewer(kkcald)", - "version" : { - "version_data" : [ - { - "version_value" : "0.7.21 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "kkcal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "epg search result viewer(kkcald)", + "version": { + "version_data": [ + { + "version_value": "0.7.21 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "kkcal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dbit.web.fc2.com/", - "refsource" : "CONFIRM", - "url" : "http://dbit.web.fc2.com/" - }, - { - "name" : "JVN#91393903", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN91393903/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dbit.web.fc2.com/", + "refsource": "CONFIRM", + "url": "http://dbit.web.fc2.com/" + }, + { + "name": "JVN#91393903", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN91393903/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0514.json b/2018/0xxx/CVE-2018-0514.json index d8887f12a58..012ec06fbd0 100644 --- a/2018/0xxx/CVE-2018-0514.json +++ b/2018/0xxx/CVE-2018-0514.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MP Form Mail CGI eCommerce Edition", - "version" : { - "version_data" : [ - { - "version_value" : "Ver 2.0.13 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "futomi Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MP Form Mail CGI eCommerce Edition", + "version": { + "version_data": [ + { + "version_value": "Ver 2.0.13 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "futomi Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.futomi.com/library/mpmailec.html#history", - "refsource" : "CONFIRM", - "url" : "http://www.futomi.com/library/mpmailec.html#history" - }, - { - "name" : "JVN#15462187", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN15462187/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#15462187", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN15462187/index.html" + }, + { + "name": "http://www.futomi.com/library/mpmailec.html#history", + "refsource": "CONFIRM", + "url": "http://www.futomi.com/library/mpmailec.html#history" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0541.json b/2018/0xxx/CVE-2018-0541.json index 7b9d8ec125c..adaa0b2c291 100644 --- a/2018/0xxx/CVE-2018-0541.json +++ b/2018/0xxx/CVE-2018-0541.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tiny FTP Daemon", - "version" : { - "version_data" : [ - { - "version_value" : "Ver0.52d" - } - ] - } - } - ] - }, - "vendor_name" : "Hisayuki Nomura" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tiny FTP Daemon", + "version": { + "version_data": [ + { + "version_value": "Ver0.52d" + } + ] + } + } + ] + }, + "vendor_name": "Hisayuki Nomura" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#92259864", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN92259864/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#92259864", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN92259864/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0747.json b/2018/0xxx/CVE-2018-0747.json index 1777c7b19d0..c1cfecea4e8 100644 --- a/2018/0xxx/CVE-2018-0747.json +++ b/2018/0xxx/CVE-2018-0747.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-01-03T00:00:00", - "ID" : "CVE-2018-0747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-01-03T00:00:00", + "ID": "CVE-2018-0747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows kernel", + "version": { + "version_data": [ + { + "version_value": "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0747", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0747" - }, - { - "name" : "102366", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102366" - }, - { - "name" : "1040097", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040097", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040097" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0747", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0747" + }, + { + "name": "102366", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102366" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0833.json b/2018/0xxx/CVE-2018-0833.json index d1ddbab1f80..fd13f275f5a 100644 --- a/2018/0xxx/CVE-2018-0833.json +++ b/2018/0xxx/CVE-2018-0833.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-02-13T00:00:00", - "ID" : "CVE-2018-0833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Server Message Block", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 8.1 and RT 8.1 and Windows Server 2012 R2" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka \"SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Moderate" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-02-13T00:00:00", + "ID": "CVE-2018-0833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Server Message Block", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1 and RT 8.1 and Windows Server 2012 R2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44189", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44189/" - }, - { - "name" : "https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-0833", - "refsource" : "MISC", - "url" : "https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-0833" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0833", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0833" - }, - { - "name" : "102924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102924" - }, - { - "name" : "1040375", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka \"SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Moderate" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102924" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0833", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0833" + }, + { + "name": "1040375", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040375" + }, + { + "name": "https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-0833", + "refsource": "MISC", + "url": "https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-0833" + }, + { + "name": "44189", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44189/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18503.json b/2018/18xxx/CVE-2018-18503.json index 3bf2b1703ec..7096887f4d0 100644 --- a/2018/18xxx/CVE-2018-18503.json +++ b/2018/18xxx/CVE-2018-18503.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-18503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "65" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory corruption with Audio Buffer" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-18503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "65" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2019-01/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2019-01/" - }, - { - "name" : "USN-3874-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3874-1/" - }, - { - "name" : "106773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption with Audio Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2019-01/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-01/" + }, + { + "name": "106773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106773" + }, + { + "name": "USN-3874-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3874-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18927.json b/2018/18xxx/CVE-2018-18927.json index e20f0628fcc..1450a49f194 100644 --- a/2018/18xxx/CVE-2018-18927.json +++ b/2018/18xxx/CVE-2018-18927.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list \"attached\" attribute (which typically has 'class=\"icon-globe icon-large\"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = \"[XSS]\" WHERE id=\"page_list\"' statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sanluan/PublicCMS/issues/22", - "refsource" : "MISC", - "url" : "https://github.com/sanluan/PublicCMS/issues/22" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list \"attached\" attribute (which typically has 'class=\"icon-globe icon-large\"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = \"[XSS]\" WHERE id=\"page_list\"' statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sanluan/PublicCMS/issues/22", + "refsource": "MISC", + "url": "https://github.com/sanluan/PublicCMS/issues/22" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19282.json b/2018/19xxx/CVE-2018-19282.json index a63532564ce..7b677095deb 100644 --- a/2018/19xxx/CVE-2018-19282.json +++ b/2018/19xxx/CVE-2018-19282.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19282", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19282", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19374.json b/2018/19xxx/CVE-2018-19374.json index d0c00309e9f..eb5d7967348 100644 --- a/2018/19xxx/CVE-2018-19374.json +++ b/2018/19xxx/CVE-2018-19374.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19374", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19374", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19901.json b/2018/19xxx/CVE-2018-19901.json index 33a2cc3053b..ad650a36a25 100644 --- a/2018/19xxx/CVE-2018-19901.json +++ b/2018/19xxx/CVE-2018-19901.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ \"article_title\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/security-breachlock/CVE-2018-19901/blob/master/XSS-1.pdf", - "refsource" : "MISC", - "url" : "https://github.com/security-breachlock/CVE-2018-19901/blob/master/XSS-1.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ \"article_title\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/security-breachlock/CVE-2018-19901/blob/master/XSS-1.pdf", + "refsource": "MISC", + "url": "https://github.com/security-breachlock/CVE-2018-19901/blob/master/XSS-1.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19930.json b/2018/19xxx/CVE-2018-19930.json index 698c2d329a3..5e56f70d3dd 100644 --- a/2018/19xxx/CVE-2018-19930.json +++ b/2018/19xxx/CVE-2018-19930.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19930", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19930", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1009.json b/2018/1xxx/CVE-2018-1009.json index e11531dc40c..b78ace60910 100644 --- a/2018/1xxx/CVE-2018-1009.json +++ b/2018/1xxx/CVE-2018-1009.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-1009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1511 for 32-bit Systems" - }, - { - "version_value" : "Version 1511 for x64-based Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory, aka \"Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-1009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1511 for 32-bit Systems" + }, + { + "version_value": "Version 1511 for x64-based Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1009", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1009" - }, - { - "name" : "103654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103654" - }, - { - "name" : "1040673", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory, aka \"Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103654" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1009", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1009" + }, + { + "name": "1040673", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040673" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1031.json b/2018/1xxx/CVE-2018-1031.json index eb737047a31..10c688b35fe 100644 --- a/2018/1xxx/CVE-2018-1031.json +++ b/2018/1xxx/CVE-2018-1031.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1031", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1031", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1086.json b/2018/1xxx/CVE-2018-1086.json index 1528cf60bfd..6d4ae025b95 100644 --- a/2018/1xxx/CVE-2018-1086.json +++ b/2018/1xxx/CVE-2018-1086.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-1086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pcs", - "version" : { - "version_data" : [ - { - "version_value" : "pcs 0.9.164" - }, - { - "version_value" : " pcs 0.10" - } - ] - } - } - ] - }, - "vendor_name" : "redhat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-1086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pcs", + "version": { + "version_data": [ + { + "version_value": "pcs 0.9.164" + }, + { + "version_value": " pcs 0.10" + } + ] + } + } + ] + }, + "vendor_name": "redhat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1086", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1086" - }, - { - "name" : "DSA-4169", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4169" - }, - { - "name" : "RHSA-2018:1060", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1060" - }, - { - "name" : "RHSA-2018:1927", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1086", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1086" + }, + { + "name": "RHSA-2018:1060", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1060" + }, + { + "name": "RHSA-2018:1927", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1927" + }, + { + "name": "DSA-4169", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4169" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1368.json b/2018/1xxx/CVE-2018-1368.json index cff5822a804..e8434b4d8fa 100644 --- a/2018/1xxx/CVE-2018-1368.json +++ b/2018/1xxx/CVE-2018-1368.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-02-06T00:00:00", - "ID" : "CVE-2018-1368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.1" - }, - { - "version_value" : "9.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. IBM X-Force ID: 137765." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-02-06T00:00:00", + "ID": "CVE-2018-1368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.1" + }, + { + "version_value": "9.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137765", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137765" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013302", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013302" - }, - { - "name" : "1040349", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. IBM X-Force ID: 137765." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137765", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137765" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22013302", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22013302" + }, + { + "name": "1040349", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040349" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1471.json b/2018/1xxx/CVE-2018-1471.json index f4861849e6b..00196dbe394 100644 --- a/2018/1xxx/CVE-2018-1471.json +++ b/2018/1xxx/CVE-2018-1471.json @@ -1,19 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2018-04-24T00:00:00", - "ID" : "CVE-2018-1471", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1471", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1899.json b/2018/1xxx/CVE-2018-1899.json index d179b976ed2..02cd6b2a397 100644 --- a/2018/1xxx/CVE-2018-1899.json +++ b/2018/1xxx/CVE-2018-1899.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-02-01T00:00:00", - "ID" : "CVE-2018-1899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Information Server", - "version" : { - "version_data" : [ - { - "version_value" : "11.3" - }, - { - "version_value" : "11.5" - }, - { - "version_value" : "11.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "A", - "C" : "N", - "I" : "L", - "PR" : "N", - "S" : "U", - "SCORE" : "4.300", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-02-01T00:00:00", + "ID": "CVE-2018-1899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.3" + }, + { + "version_value": "11.5" + }, + { + "version_value": "11.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744029", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744029" - }, - { - "name" : "ibm-infosphere-cve20181899-improper-access(152528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "A", + "C": "N", + "I": "L", + "PR": "N", + "S": "U", + "SCORE": "4.300", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10744029", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744029" + }, + { + "name": "ibm-infosphere-cve20181899-improper-access(152528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152528" + } + ] + } +} \ No newline at end of file