diff --git a/2001/0xxx/CVE-2001-0052.json b/2001/0xxx/CVE-2001-0052.json index b0b861244bf..fce1219b97c 100644 --- a/2001/0xxx/CVE-2001-0052.json +++ b/2001/0xxx/CVE-2001-0052.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001205 IBM DB2 SQL DOS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/149207" - }, - { - "name" : "2067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2067" - }, - { - "name" : "ibm-db2-dos(5664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-db2-dos(5664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5664" + }, + { + "name": "2067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2067" + }, + { + "name": "20001205 IBM DB2 SQL DOS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/149207" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0127.json b/2001/0xxx/CVE-2001-0127.json index b70cb13edd1..247cf501ceb 100644 --- a/2001/0xxx/CVE-2001-0127.json +++ b/2001/0xxx/CVE-2001-0127.json 
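Review bot: The new side of this hunk ends with `\ No newline at end of file`, so CVE-2001-0052.json loses the trailing newline that the old side had. The same marker closes every other complete file section visible in this patch. Having the generator write a final `\n` after the closing `}` would avoid a whole-file change the next time a tool that adds one rewrites these records. Separately, `reference_data` is re-ordered here (XF, BID, BUGTRAQ where the old side had BUGTRAQ, BID, XF), and in several later sections such as CVE-2001-0735 and CVE-2008-0434, with no sort key apparent from the visible lines. If the order carries no meaning, emitting it in a stable order, for example sorted by `refsource` then `name`, would make a genuinely added or removed reference stand out when these records are audited by diff.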
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010115 Flash plugin write-overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0236.html" - }, - { - "name" : "VU#451096", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/451096" - }, - { - "name" : "2214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010115 Flash plugin write-overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0236.html" + }, + { + "name": "VU#451096", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/451096" + }, + { + "name": "2214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2214" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0177.json b/2001/0xxx/CVE-2001-0177.json index 92d350d9e2c..dd094dc7996 100644 --- a/2001/0xxx/CVE-2001-0177.json +++ b/2001/0xxx/CVE-2001-0177.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a denial of service via a buddy relationship between the IRC server and a server clone." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010110 Vulnerable: Conference Room Professional-Developer Edititon.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/155388" - }, - { - "name" : "2178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2178" - }, - { - "name" : "conferenceroom-developer-dos(5909)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a denial of service via a buddy relationship between the IRC server and a server clone." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010110 Vulnerable: Conference Room Professional-Developer Edititon.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/155388" + }, + { + "name": "2178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2178" + }, + { + "name": "conferenceroom-developer-dos(5909)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5909" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0313.json b/2001/0xxx/CVE-2001-0313.json index 12e19307b68..b447f72c28b 100644 --- a/2001/0xxx/CVE-2001-0313.json +++ b/2001/0xxx/CVE-2001-0313.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010126 Borderware v6.1.2 ping DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98053139231392&w=2" - }, - { - "name" : "borderware-ping-dos(6004)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously 
send pings (echo requests) to the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010126 Borderware v6.1.2 ping DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98053139231392&w=2" + }, + { + "name": "borderware-ping-dos(6004)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6004" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0735.json b/2001/0xxx/CVE-2001-0735.json index c1871f04a42..47adb238165 100644 --- a/2001/0xxx/CVE-2001-0735.json +++ b/2001/0xxx/CVE-2001-0735.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010621 cfingerd local vulnerability (possibly root)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/192844" - }, - { - "name" : "20010711 Another exploit for cfingerd <= 1.4.3-8", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/01071120191900.00788@localhost.localdomain" - }, - { - "name" : "DSA-066", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-066" - }, - { - "name" : "2914", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2914" - }, - { - "name" : "cfingerd-util-bo(6744)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2914", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2914" + }, + { + "name": "DSA-066", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-066" + }, + { + "name": "cfingerd-util-bo(6744)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6744" + }, + { + "name": "20010711 Another exploit for cfingerd <= 1.4.3-8", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/01071120191900.00788@localhost.localdomain" + }, + { + "name": "20010621 cfingerd local vulnerability (possibly root)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/192844" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0434.json b/2008/0xxx/CVE-2008-0434.json index fff19c4e9a6..4deba5e2d83 100644 --- a/2008/0xxx/CVE-2008-0434.json +++ b/2008/0xxx/CVE-2008-0434.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080120 AXIGEN 5.0.x AXIMilter Format String Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486722/100/0/threaded" - }, - { - "name" : "20080120 AXIGEN 5.0.x AXIMilter Format String Exploit", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059788.html" - }, - { - "name" : "4947", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4947" - }, - { - "name" : "27363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27363" - }, - { - "name" : "ADV-2008-0237", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0237" - }, - { - "name" : "28562", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/28562" - }, - { - "name" : "3570", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3570" - }, - { - "name" : "axigen-aximilter-format-string(39803)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3570", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3570" + }, + { + "name": "27363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27363" + }, + { + "name": "4947", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4947" + }, + { + "name": "20080120 AXIGEN 5.0.x AXIMilter Format String Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486722/100/0/threaded" + }, + { + "name": "axigen-aximilter-format-string(39803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39803" + }, + { + "name": "20080120 AXIGEN 5.0.x AXIMilter Format String Exploit", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059788.html" + }, + { + "name": "28562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28562" + }, + { + "name": "ADV-2008-0237", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0237" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/1xxx/CVE-2008-1485.json b/2008/1xxx/CVE-2008-1485.json index 2374ebf850d..0d6109a57d9 100644 --- a/2008/1xxx/CVE-2008-1485.json +++ b/2008/1xxx/CVE-2008-1485.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt", - "refsource" : "CONFIRM", - "url" : "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt" - }, - { - "name" : "45561", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45561" - }, - { - "name" : "29043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29043" + }, + { + "name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt", + "refsource": "CONFIRM", + "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt" + }, + { + "name": "45561", + "refsource": "OSVDB", + "url": "http://osvdb.org/45561" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1584.json b/2008/1xxx/CVE-2008-1584.json index ef2e3aebed6..9bcbb382e54 100644 --- a/2008/1xxx/CVE-2008-1584.json +++ b/2008/1xxx/CVE-2008-1584.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080610 ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493247/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-037/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-037/" - }, - { - "name" : "http://support.apple.com/kb/HT1991", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT1991" - }, - { - "name" : "APPLE-SA-2008-06-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html" - }, - { - "name" : "TA08-162C", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA08-162C.html" - }, - { - "name" : "29619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29619" - }, - { - "name" : "29652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29652" - }, - { - "name" : "ADV-2008-1776", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1776/references" - }, - { - "name" : "1020216", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020216" - }, - { - "name" : "29293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29293" - }, - { - "name" : "quicktime-indeo-video-bo(42947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080610 ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493247/100/0/threaded" + }, + { + "name": "TA08-162C", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-162C.html" + }, + { + "name": "1020216", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020216" + }, + { + "name": "quicktime-indeo-video-bo(42947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42947" + }, + { + "name": "APPLE-SA-2008-06-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html" + }, + { + "name": "29293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29293" + }, + { + "name": "29652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29652" + }, + { + "name": "ADV-2008-1776", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1776/references" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-037/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-037/" + }, + { + "name": "29619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29619" + }, + { + "name": "http://support.apple.com/kb/HT1991", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT1991" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1905.json b/2008/1xxx/CVE-2008-1905.json index f4ba328acbe..19acea3160a 100644 --- a/2008/1xxx/CVE-2008-1905.json +++ b/2008/1xxx/CVE-2008-1905.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/neromedia-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/neromedia-adv.txt" - }, - { - "name" : "28775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28775" - }, - { - "name" : "ADV-2008-1216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1216/references" - }, - { - "name" : "29808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29808" - }, - { - "name" : "nero-nmmediaserver-dos(41795)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41795" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/neromedia-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/neromedia-adv.txt" + }, + { + "name": "ADV-2008-1216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1216/references" + }, + { + "name": "28775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28775" + }, + { + "name": "29808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29808" + }, + { + "name": "nero-nmmediaserver-dos(41795)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41795" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5256.json b/2008/5xxx/CVE-2008-5256.json index 95c426246c4..b36198baa5c 100644 --- a/2008/5xxx/CVE-2008-5256.json +++ b/2008/5xxx/CVE-2008-5256.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149" - }, - { - "name" : "http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810", - "refsource" : "CONFIRM", - "url" : "http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810" - }, - { - "name" : "http://www.virtualbox.org/wiki/Changelog", - "refsource" : "CONFIRM", - "url" : "http://www.virtualbox.org/wiki/Changelog" - }, - { - "name" : "MDVSA-2009:011", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:011" - }, - { - "name" : "247326", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247326-1" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "32444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32444" - }, - { - "name" : "1021384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021384" - }, - { - "name" : "ADV-2008-3410", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3410" - }, - { - "name" : "32851", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32851" - }, - { - "name" : "sun-virtualbox-ipcdunix-symlink(46826)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "247326", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247326-1" + }, + { + "name": "http://www.virtualbox.org/wiki/Changelog", + "refsource": "CONFIRM", + "url": "http://www.virtualbox.org/wiki/Changelog" + }, + { + "name": "32851", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32851" + }, + { + "name": "http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810", + "refsource": "CONFIRM", + "url": "http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810" + }, + { + "name": "ADV-2008-3410", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3410" + }, + { + "name": "1021384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021384" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149" + }, + { + "name": "sun-virtualbox-ipcdunix-symlink(46826)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46826" + }, + { + "name": "32444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32444" + }, + { + "name": "MDVSA-2009:011", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:011" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5593.json b/2008/5xxx/CVE-2008-5593.json index ff8f05e06f8..28f8d8abb63 100644 --- a/2008/5xxx/CVE-2008-5593.json 
+++ b/2008/5xxx/CVE-2008-5593.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7375", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7375" - }, - { - "name" : "32680", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32680" - }, - { - "name" : "33024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33024" - }, - { - "name" : "4750", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local 
files via a .. (dot dot) in the (1) page and (2) admin parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7375", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7375" + }, + { + "name": "4750", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4750" + }, + { + "name": "32680", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32680" + }, + { + "name": "33024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33024" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5812.json b/2008/5xxx/CVE-2008-5812.json index 4c24be348b3..1a796904fca 100644 --- a/2008/5xxx/CVE-2008-5812.json +++ b/2008/5xxx/CVE-2008-5812.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2", - "refsource" : "CONFIRM", - "url" : "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" - }, - { - "name" : "33061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33061" - }, - { - "name" : "33307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33307" - }, - { - "name" : "spip-multiple-unspecified(47695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have 
unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33307" + }, + { + "name": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2", + "refsource": "CONFIRM", + "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" + }, + { + "name": "spip-multiple-unspecified(47695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" + }, + { + "name": "33061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33061" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5818.json b/2008/5xxx/CVE-2008-5818.json index 1fb7b628d10..59ae09fe349 100644 --- a/2008/5xxx/CVE-2008-5818.json +++ b/2008/5xxx/CVE-2008-5818.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7604", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7604" - }, - { - "name" : "33026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33026" - }, - { - "name" : "33335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33335" - }, - { - "name" : "4861", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4861" - }, - { - "name" : "edcontainer-index-file-include(47609)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4861", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4861" + }, + { + "name": "33026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33026" + }, + { + "name": "7604", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7604" + }, + { + "name": "edcontainer-index-file-include(47609)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47609" + }, + { + "name": "33335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33335" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5877.json b/2008/5xxx/CVE-2008-5877.json index 1f33425ee92..0eb7840bd06 100644 --- a/2008/5xxx/CVE-2008-5877.json +++ b/2008/5xxx/CVE-2008-5877.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7515", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7515" - }, - { - "name" : "32915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32915" - }, - { - "name" : "33211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33211" - }, - { - "name" : "4881", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4881", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4881" + }, + { + "name": "7515", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7515" + }, + { + "name": "33211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33211" + }, + { + "name": "32915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32915" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0246.json b/2013/0xxx/CVE-2013-0246.json index 3ce0c35d47a..f0def169c47 100644 --- a/2013/0xxx/CVE-2013-0246.json +++ b/2013/0xxx/CVE-2013-0246.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130116 [Security-news] SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Jan/120" - }, - { - "name" : "[oss-security] 20130130 Re: CVE", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q1/211" - }, - { - "name" : "http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html" - }, - { - "name" : "https://drupal.org/SA-CORE-2013-001", - "refsource" : "CONFIRM", - "url" : 
"https://drupal.org/SA-CORE-2013-001" - }, - { - "name" : "51717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html" + }, + { + "name": "[oss-security] 20130130 Re: CVE", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q1/211" + }, + { + "name": "20130116 [Security-news] SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Jan/120" + }, + { + "name": "https://drupal.org/SA-CORE-2013-001", + "refsource": "CONFIRM", + "url": "https://drupal.org/SA-CORE-2013-001" + }, + { + "name": "51717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51717" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0534.json b/2013/0xxx/CVE-2013-0534.json index 8fd38bb94ab..6ac73ebbcf6 100644 --- a/2013/0xxx/CVE-2013-0534.json +++ b/2013/0xxx/CVE-2013-0534.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635218", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635218" - }, - { - "name" : "notes-cve20130534-info-disclosure(82656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain 
sensitive information by leveraging the persistence of cleartext password strings within process memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21635218", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635218" + }, + { + "name": "notes-cve20130534-info-disclosure(82656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82656" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0725.json b/2013/0xxx/CVE-2013-0725.json index 9fdfbb37fb8..61e9f07df2a 100644 --- a/2013/0xxx/CVE-2013-0725.json +++ b/2013/0xxx/CVE-2013-0725.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0725", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0725", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3174.json b/2013/3xxx/CVE-2013-3174.json index 5639fb34918..cbad5fa79eb 100644 
--- a/2013/3xxx/CVE-2013-3174.json +++ b/2013/3xxx/CVE-2013-3174.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka \"DirectShow Arbitrary Memory Overwrite Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-056" - }, - { - "name" : "TA13-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A" - }, - { - "name" : "oval:org.mitre.oval:def:16883", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DirectShow 
in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka \"DirectShow Arbitrary Memory Overwrite Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-056" + }, + { + "name": "TA13-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-190A" + }, + { + "name": "oval:org.mitre.oval:def:16883", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16883" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3201.json b/2013/3xxx/CVE-2013-3201.json index b2fe5bd9281..c77ccfabe5f 100644 --- a/2013/3xxx/CVE-2013-3201.json +++ b/2013/3xxx/CVE-2013-3201.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3203, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-069", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18651", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft 
Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3203, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-069", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + }, + { + "name": "oval:org.mitre.oval:def:18651", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18651" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3303.json b/2013/3xxx/CVE-2013-3303.json index 93cd7dc0bc8..994a5afe7e6 100644 --- a/2013/3xxx/CVE-2013-3303.json +++ b/2013/3xxx/CVE-2013-3303.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3303", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3303", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3388.json b/2013/3xxx/CVE-2013-3388.json index a5970200b4d..2c887f16796 100644 --- a/2013/3xxx/CVE-2013-3388.json +++ b/2013/3xxx/CVE-2013-3388.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130821 Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-hcm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130821 Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-hcm" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3571.json b/2013/3xxx/CVE-2013-3571.json index 7a8a811c464..8445c022f34 100644 --- a/2013/3xxx/CVE-2013-3571.json +++ b/2013/3xxx/CVE-2013-3571.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130526 socat security advisory 4 - CVE-2013-3571", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/26/1" - }, - { - "name" : "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html", - "refsource" : "CONFIRM", - "url" : "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html" - }, - { - "name" : "MDVSA-2013:169", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html", + "refsource": "CONFIRM", + "url": "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html" + }, + { + "name": "MDVSA-2013:169", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:169" + }, + { + "name": "[oss-security] 20130526 socat security advisory 4 - CVE-2013-3571", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/26/1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4271.json b/2013/4xxx/CVE-2013-4271.json index ef703b133a7..b09076abf74 100644 --- a/2013/4xxx/CVE-2013-4271.json +++ b/2013/4xxx/CVE-2013-4271.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://restlet.org/learn/2.1/changes", - "refsource" : "CONFIRM", - "url" : "http://restlet.org/learn/2.1/changes" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=999735", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=999735" - }, - { - "name" : "https://github.com/restlet/restlet-framework-java/issues/778", - "refsource" : "CONFIRM", - "url" : "https://github.com/restlet/restlet-framework-java/issues/778" - }, - { - "name" : "RHSA-2013:1410", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1410.html" - }, - { - "name" : "RHSA-2013:1862", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2013-1862.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1862", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1862.html" + }, + { + "name": "https://github.com/restlet/restlet-framework-java/issues/778", + "refsource": "CONFIRM", + "url": "https://github.com/restlet/restlet-framework-java/issues/778" + }, + { + "name": "http://restlet.org/learn/2.1/changes", + "refsource": "CONFIRM", + "url": "http://restlet.org/learn/2.1/changes" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=999735", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999735" + }, + { + "name": "RHSA-2013:1410", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1410.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4350.json b/2013/4xxx/CVE-2013-4350.json index dbde873593c..ebadb9bfc6a 100644 --- a/2013/4xxx/CVE-2013-4350.json +++ b/2013/4xxx/CVE-2013-4350.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130913 Re: CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/13/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95ee62083cb6453e056562d91f597552021e6ae7", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95ee62083cb6453e056562d91f597552021e6ae7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1007872", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1007872" - }, - { - "name" : "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7" - }, - { - "name" : "RHSA-2013:1490", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1490.html" - }, - { - "name" : "USN-2041-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2041-1" - }, - { - "name" : "USN-2045-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2045-1" - }, - { - "name" : "USN-2049-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2049-1" - }, - { - "name" : "USN-2019-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2019-1" - }, - { - "name" : "USN-2021-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2021-1" - }, - { - "name" : "USN-2022-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2022-1" - }, - { - "name" : "USN-2024-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2024-1" - }, - { - "name" : "USN-2038-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2038-1" - }, - { - "name" : "USN-2039-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2039-1" - }, - { - "name" : "USN-2050-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2050-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7" + }, + { + "name": "USN-2024-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2024-1" + }, + { + "name": "[oss-security] 20130913 Re: CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/13/3" + }, + { + "name": "RHSA-2013:1490", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html" + }, + { + "name": "USN-2039-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2039-1" + }, + { + "name": "USN-2022-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2022-1" + }, + { + "name": "USN-2038-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2038-1" + }, + { + "name": "USN-2021-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2021-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95ee62083cb6453e056562d91f597552021e6ae7", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95ee62083cb6453e056562d91f597552021e6ae7" + }, + { + "name": "USN-2019-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2019-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007872", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007872" + }, + { + "name": "USN-2049-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2049-1" + }, + { + "name": "USN-2045-1", + "refsource": "UBUNTU", + 
"url": "http://www.ubuntu.com/usn/USN-2045-1" + }, + { + "name": "USN-2050-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2050-1" + }, + { + "name": "USN-2041-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2041-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4577.json b/2013/4xxx/CVE-2013-4577.json index f464e5154d4..f9124fb2ddc 100644 --- a/2013/4xxx/CVE-2013-4577.json +++ b/2013/4xxx/CVE-2013-4577.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131114 CVE Request: grub-mkconfig", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/291" - }, - { - "name" : "[oss-security] 20131114 Re: CVE Request: grub-mkconfig", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/292" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, 
which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598" + }, + { + "name": "[oss-security] 20131114 CVE Request: grub-mkconfig", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/291" + }, + { + "name": "[oss-security] 20131114 Re: CVE Request: grub-mkconfig", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/292" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7039.json b/2013/7xxx/CVE-2013-7039.json index 4cb467f60bb..171eb54b1b4 100644 --- a/2013/7xxx/CVE-2013-7039.json +++ b/2013/7xxx/CVE-2013-7039.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131209 Re: CVE request: two issues in libmicro", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/09/11" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=493450", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=493450" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039390", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039390" - }, - { - "name" : "https://gnunet.org/svn/libmicrohttpd/ChangeLog", - "refsource" : "CONFIRM", - "url" : 
"https://gnunet.org/svn/libmicrohttpd/ChangeLog" - }, - { - "name" : "GLSA-201402-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201402-01.xml" - }, - { - "name" : "64138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64138" - }, - { - "name" : "55903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1039390", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039390" + }, + { + "name": "64138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64138" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=493450", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450" + }, + { + "name": "GLSA-201402-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201402-01.xml" + }, + { + "name": "https://gnunet.org/svn/libmicrohttpd/ChangeLog", + "refsource": "CONFIRM", + "url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog" + }, + { + "name": "[oss-security] 20131209 Re: CVE request: two issues in libmicro", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/09/11" + }, + { + "name": "55903", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/55903" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12596.json b/2017/12xxx/CVE-2017-12596.json index da11c0eeedc..025696e1815 100644 --- a/2017/12xxx/CVE-2017-12596.json +++ b/2017/12xxx/CVE-2017-12596.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openexr/openexr/issues/238", - "refsource" : "MISC", - "url" : "https://github.com/openexr/openexr/issues/238" - }, - { - "name" : "https://github.com/xiaoqx/pocs/blob/master/openexr.md", - "refsource" : "MISC", - "url" : "https://github.com/xiaoqx/pocs/blob/master/openexr.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/xiaoqx/pocs/blob/master/openexr.md", + "refsource": "MISC", + "url": "https://github.com/xiaoqx/pocs/blob/master/openexr.md" + }, + { + "name": "https://github.com/openexr/openexr/issues/238", + "refsource": "MISC", + "url": "https://github.com/openexr/openexr/issues/238" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12612.json b/2017/12xxx/CVE-2017-12612.json index ba288493744..e8f5a82407c 100644 --- a/2017/12xxx/CVE-2017-12612.json +++ b/2017/12xxx/CVE-2017-12612.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-12612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-12612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E", - "refsource" : "MISC", - "url" : "https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E" - }, - { - "name" : "100823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100823" + }, + { + "name": "https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E", + "refsource": "MISC", + "url": "https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12854.json b/2017/12xxx/CVE-2017-12854.json index 99cc43d70ed..02423b30dc3 100644 --- a/2017/12xxx/CVE-2017-12854.json +++ b/2017/12xxx/CVE-2017-12854.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12854", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12854", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/12xxx/CVE-2017-12865.json b/2017/12xxx/CVE-2017-12865.json
index 2991ae20be8..9446ae9bd41 100644
--- a/2017/12xxx/CVE-2017-12865.json
+++ b/2017/12xxx/CVE-2017-12865.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in \"dnsproxy.c\" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the \"name\" variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.nri-secure.com/blog/new-iot-vulnerability-connmando", - "refsource" : "MISC", - "url" : "https://www.nri-secure.com/blog/new-iot-vulnerability-connmando" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1483720", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1483720" - }, - { - "name" : "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71" - }, - { - "name" : "https://01.org/security/intel-oss-10001/intel-oss-10001", - 
"refsource" : "CONFIRM", - "url" : "https://01.org/security/intel-oss-10001/intel-oss-10001" - }, - { - "name" : "DSA-3956", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3956" - }, - { - "name" : "GLSA-201812-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201812-02" - }, - { - "name" : "100498", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in \"dnsproxy.c\" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the \"name\" variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://01.org/security/intel-oss-10001/intel-oss-10001", + "refsource": "CONFIRM", + "url": "https://01.org/security/intel-oss-10001/intel-oss-10001" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1483720", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483720" + }, + { + "name": "GLSA-201812-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201812-02" + }, + { + "name": "https://www.nri-secure.com/blog/new-iot-vulnerability-connmando", + "refsource": "MISC", + "url": "https://www.nri-secure.com/blog/new-iot-vulnerability-connmando" + }, + { + "name": "100498", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100498" + }, + { + "name": "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71", + "refsource": "CONFIRM", + "url": 
"https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71" + }, + { + "name": "DSA-3956", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3956" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12905.json b/2017/12xxx/CVE-2017-12905.json index 6ec306e8b22..c734142a144 100644 --- a/2017/12xxx/CVE-2017-12905.json +++ b/2017/12xxx/CVE-2017-12905.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170921 Pixie image Editor SSRF vulnerability for CVE-2017-12905", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Sep/47" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170921 Pixie image Editor SSRF vulnerability for CVE-2017-12905", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Sep/47" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13063.json b/2017/13xxx/CVE-2017-13063.json index 8f72fc148f1..6f700f61bbf 100644 --- a/2017/13xxx/CVE-2017-13063.json +++ b/2017/13xxx/CVE-2017-13063.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/434/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/434/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a" + }, + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/434/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/434/" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13381.json b/2017/13xxx/CVE-2017-13381.json index 7e72d58a115..e3fe5c328f3 100644 --- a/2017/13xxx/CVE-2017-13381.json +++ b/2017/13xxx/CVE-2017-13381.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13381", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13381", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13414.json b/2017/13xxx/CVE-2017-13414.json index eb93c592055..50a65ee1a5a 100644 --- a/2017/13xxx/CVE-2017-13414.json +++ b/2017/13xxx/CVE-2017-13414.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13414", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13414", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13474.json b/2017/13xxx/CVE-2017-13474.json index ccefd95320b..c0a34869af4 100644 --- a/2017/13xxx/CVE-2017-13474.json +++ b/2017/13xxx/CVE-2017-13474.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13474", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13474", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13685.json b/2017/13xxx/CVE-2017-13685.json index 145f1920770..c3492025aa7 100644 --- a/2017/13xxx/CVE-2017-13685.json +++ b/2017/13xxx/CVE-2017-13685.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", - "refsource" : "MISC", - "url" : "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html" - }, - { - "name" : "100521", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", + "refsource": "MISC", + "url": "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html" + }, + { + "name": "100521", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100521" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16028.json b/2017/16xxx/CVE-2017-16028.json index 45b2f0c303a..981356cf5df 100644 --- a/2017/16xxx/CVE-2017-16028.json +++ b/2017/16xxx/CVE-2017-16028.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "react-native-meteor-oauth node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random())." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Insufficiently Random Values (CWE-330)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "react-native-meteor-oauth node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66", - "refsource" : "MISC", - "url" : "https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66" - }, - { - "name" : "https://nodesecurity.io/advisories/157", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random())." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Insufficiently Random Values (CWE-330)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66", + "refsource": "MISC", + "url": "https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66" + }, + { + "name": "https://nodesecurity.io/advisories/157", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/157" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16085.json b/2017/16xxx/CVE-2017-16085.json index bbae1b5e48c..befc01d97ec 100644 --- a/2017/16xxx/CVE-2017-16085.json +++ b/2017/16xxx/CVE-2017-16085.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "tinyserver2 node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=0.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tinyserver2 node module", + "version": { + "version_data": [ + { + "version_value": "<=0.5.2" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/tinyserver2", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/tinyserver2" - }, - { - "name" : "https://nodesecurity.io/advisories/371", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tinyserver2 is a webserver for static files. 
tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/tinyserver2", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/tinyserver2" + }, + { + "name": "https://nodesecurity.io/advisories/371", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/371" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17121.json b/2017/17xxx/CVE-2017-17121.json index 10c9c7d417f..28d28472e04 100644 --- a/2017/17xxx/CVE-2017-17121.json +++ b/2017/17xxx/CVE-2017-17121.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22506" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" - }, - { - "name" : "GLSA-201811-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-17" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22506" + }, + { + "name": "GLSA-201811-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-17" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b", + "refsource": "MISC", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17270.json b/2017/17xxx/CVE-2017-17270.json index 3fba9efc9b0..282c6b47477 100644 --- a/2017/17xxx/CVE-2017-17270.json +++ b/2017/17xxx/CVE-2017-17270.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17270", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17270", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17317.json b/2017/17xxx/CVE-2017-17317.json index 9203561b0af..02dcbec1310 100644 --- a/2017/17xxx/CVE-2017-17317.json +++ b/2017/17xxx/CVE-2017-17317.json 
@@ -1,158 +1,158 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DP300; IPS Module; NGFW Module; RP200; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60", - "version" : { - "version_data" : [ - { - "version_value" : "USG6300 V100R001C10" - }, - { - "version_value" : "V100R001C20" - }, - { - "version_value" : "V100R001C30" - }, - { - "version_value" : "V500R001C00" - }, - { - "version_value" : "V500R001C20" - }, - { - "version_value" : "V500R001C30" - }, - { - "version_value" : "V500R001C50" - }, - { - "version_value" : "Secospace USG6500 V100R001C10" - }, - { - "version_value" : "V100R001C20" - }, - { - "version_value" : "V100R001C30" - }, - { - "version_value" : "V500R001C00" - }, - { - "version_value" : "V500R001C20" - }, - { - "version_value" : "V500R001C30" - }, - { - "version_value" : "V500R001C50" - }, - { - "version_value" : "Secospace USG6600 V100R001C00" - }, - { - "version_value" : "V100R001C20" - }, - { - "version_value" : "V100R001C30" - }, - { - "version_value" : "V500R001C00" - }, - { - "version_value" : "V500R001C20" - }, - { - "version_value" : "V500R001C30" - }, - { - "version_value" : "V500R001C50" - }, - { - "version_value" : "TE30 V100R001C02" - }, - { - "version_value" : "V100R001C10" - }, - { - "version_value" : "V500R002C00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "TE40 V500R002C00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "TE50 V500R002C00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "TE60 V100R001C01" - }, - { - "version_value" : "V100R001C10" - }, - { - "version_value" : "V500R002C00" - }, - { - "version_value" : "V600R006C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." 
- } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DP300; IPS Module; NGFW Module; RP200; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60", + "version": { + "version_data": [ + { + "version_value": "USG6300 V100R001C10" + }, + { + "version_value": "V100R001C20" + }, + { + "version_value": "V100R001C30" + }, + { + "version_value": "V500R001C00" + }, + { + "version_value": "V500R001C20" + }, + { + "version_value": "V500R001C30" + }, + { + "version_value": "V500R001C50" + }, + { + "version_value": "Secospace USG6500 V100R001C10" + }, + { + "version_value": "V100R001C20" + }, + { + "version_value": "V100R001C30" + }, + { + "version_value": "V500R001C00" + }, + { + 
"version_value": "V500R001C20" + }, + { + "version_value": "V500R001C30" + }, + { + "version_value": "V500R001C50" + }, + { + "version_value": "Secospace USG6600 V100R001C00" + }, + { + "version_value": "V100R001C20" + }, + { + "version_value": "V100R001C30" + }, + { + "version_value": "V500R001C00" + }, + { + "version_value": "V500R001C20" + }, + { + "version_value": "V500R001C30" + }, + { + "version_value": "V500R001C50" + }, + { + "version_value": "TE30 V100R001C02" + }, + { + "version_value": "V100R001C10" + }, + { + "version_value": "V500R002C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "TE40 V500R002C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "TE50 V500R002C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "TE60 V100R001C01" + }, + { + "version_value": "V100R001C10" + }, + { + "version_value": "V500R002C00" + }, + { + "version_value": "V600R006C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-en", - "refsource" : "CONFIRM", - "url" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-en", + "refsource": "CONFIRM", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17798.json b/2017/17xxx/CVE-2017-17798.json index 95931922ebc..af1fdbec520 100644 --- a/2017/17xxx/CVE-2017-17798.json +++ b/2017/17xxx/CVE-2017-17798.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x8273A0A0", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x8273A0A0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x8273A0A0", + "refsource": "MISC", + "url": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x8273A0A0" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17912.json b/2017/17xxx/CVE-2017-17912.json index 59437fa3bdd..90c26df60c7 100644 --- a/2017/17xxx/CVE-2017-17912.json +++ b/2017/17xxx/CVE-2017-17912.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" - }, - { - "name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" - }, - { - "name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f", - "refsource" : "CONFIRM", - "url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/533/", - "refsource" : "CONFIRM", - "url" : 
"https://sourceforge.net/p/graphicsmagick/bugs/533/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/533/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/533/" + }, + { + "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" + }, + { + "name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" + }, + { + "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f", + "refsource": "CONFIRM", + "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18214.json b/2018/18xxx/CVE-2018-18214.json index 1c73e45e8e2..984b481df8d 100644 --- a/2018/18xxx/CVE-2018-18214.json +++ b/2018/18xxx/CVE-2018-18214.json 
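Review bot: The new side of this file ends without a trailing newline: `\ No newline at end of file` follows the final `+}`, while the removed `-}` carries no such marker. The same marker follows the closing brace in the hunks for CVE-2017-17798, CVE-2018-18214, CVE-2018-18498, CVE-2018-18575, CVE-2018-18897, CVE-2018-19150, CVE-2018-19394 and CVE-2018-1124. I would have the formatter emit a final line feed after `}` so that line-oriented tools and record concatenation behave predictably. The `reference_data` entries are also reordered here with none added or removed, so consumers should not treat array position as meaningful.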
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18214", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18214", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18498.json b/2018/18xxx/CVE-2018-18498.json index e82d9cdd1b0..cc365c5ea4d 100644 --- a/2018/18xxx/CVE-2018-18498.json +++ b/2018/18xxx/CVE-2018-18498.json 
@@ -1,155 +1,155 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-18498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.4" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.4" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "64" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer overflow when calculating buffer sizes for images" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-18498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.4" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.4" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "64" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1500011", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1500011" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-29/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-29/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-30/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-30/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-31/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-31/" - }, - { - "name" : "DSA-4354", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4354" - }, - { - "name" : "DSA-4362", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2019/dsa-4362" - }, - { - "name" : "GLSA-201903-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-04" - }, - { - "name" : "RHSA-2018:3831", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3831" - }, - { - "name" : "RHSA-2018:3833", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3833" - }, - { - "name" : "RHSA-2019:0159", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0159" - }, - { - "name" : "RHSA-2019:0160", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0160" - }, - { - "name" : "USN-3844-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3844-1/" - }, - { - "name" : "USN-3868-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3868-1/" - }, - { - "name" : "106168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow when calculating buffer sizes for images" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-29/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-29/" + }, + { + "name": "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html" + }, + { + "name": "RHSA-2018:3833", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3833" + }, + { + "name": "RHSA-2018:3831", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3831" + }, + { + "name": "DSA-4362", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4362" + }, + { + "name": "GLSA-201903-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-04" + }, + { + "name": "USN-3844-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3844-1/" + }, + { + "name": "106168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106168" + }, + { + "name": "RHSA-2019:0159", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0159" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-31/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-31/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-30/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-30/" + }, + { + "name": "DSA-4354", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4354" + }, + { + "name": "USN-3868-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3868-1/" + }, + { + "name": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=1500011", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1500011" + }, + { + "name": "RHSA-2019:0160", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0160" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18575.json b/2018/18xxx/CVE-2018-18575.json index 5aa79b7bddd..26d3124bf8f 100644 --- a/2018/18xxx/CVE-2018-18575.json +++ b/2018/18xxx/CVE-2018-18575.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18575", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18575", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18897.json b/2018/18xxx/CVE-2018-18897.json index 4dafd235444..b2d6cbe6550 100644 --- a/2018/18xxx/CVE-2018-18897.json +++ b/2018/18xxx/CVE-2018-18897.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/654", - "refsource" : "MISC", - "url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.freedesktop.org/poppler/poppler/issues/654", + "refsource": "MISC", + "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/654" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19150.json b/2018/19xxx/CVE-2018-19150.json index d47ff7a6694..93f5f8a911f 100644 --- a/2018/19xxx/CVE-2018-19150.json +++ b/2018/19xxx/CVE-2018-19150.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a \"Data from Faulting Address controls Code Flow\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2018-09-19-pdf-architect-corruption.md", - "refsource" : "MISC", - "url" : "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2018-09-19-pdf-architect-corruption.md" - }, - { - "name" : "https://nafiez.github.io/security/integer/2018/09/18/pdf-architect-corruption.html", - "refsource" : "MISC", - "url" : "https://nafiez.github.io/security/integer/2018/09/18/pdf-architect-corruption.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory 
corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a \"Data from Faulting Address controls Code Flow\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nafiez.github.io/security/integer/2018/09/18/pdf-architect-corruption.html", + "refsource": "MISC", + "url": "https://nafiez.github.io/security/integer/2018/09/18/pdf-architect-corruption.html" + }, + { + "name": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2018-09-19-pdf-architect-corruption.md", + "refsource": "MISC", + "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2018-09-19-pdf-architect-corruption.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19394.json b/2018/19xxx/CVE-2018-19394.json index 1d4b2b7dbf4..b9c62b745a5 100644 --- a/2018/19xxx/CVE-2018-19394.json +++ b/2018/19xxx/CVE-2018-19394.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cyberskr.com/blog/cobham-satcom-800-900.html", - "refsource" : "MISC", - "url" : "https://cyberskr.com/blog/cobham-satcom-800-900.html" - }, - { - "name" : "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b", - "refsource" : "MISC", - "url" : "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required 
administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cyberskr.com/blog/cobham-satcom-800-900.html", + "refsource": "MISC", + "url": "https://cyberskr.com/blog/cobham-satcom-800-900.html" + }, + { + "name": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b", + "refsource": "MISC", + "url": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1124.json b/2018/1xxx/CVE-2018-1124.json index 77c8e69c383..8fb487a710f 100644 --- a/2018/1xxx/CVE-2018-1124.json +++ b/2018/1xxx/CVE-2018-1124.json 
@@ -1,165 +1,165 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-1124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "procps-ng", - "version" : { - "version_data" : [ - { - "version_value" : "procps-ng 3.3.15" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-190" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-1124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "procps-ng", + "version": { + "version_data": [ + { + "version_value": "procps-ng 3.3.15" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122" - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. 
This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44806", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44806/" - }, - { - "name" : "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2018/q2/122" - }, - { - "name" : "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html" - }, - { - "name" : "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", - "refsource" : "MISC", - "url" : "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10241" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "DSA-4208", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4208" - }, - { - "name" : "GLSA-201805-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-14" - }, - { - "name" : 
"RHSA-2018:1700", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1700" - }, - { - "name" : "RHSA-2018:1777", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1777" - }, - { - "name" : "RHSA-2018:1820", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1820" - }, - { - "name" : "RHSA-2018:2267", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2267" - }, - { - "name" : "RHSA-2018:2268", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2268" - }, - { - "name" : "USN-3658-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3658-1/" - }, - { - "name" : "USN-3658-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3658-2/" - }, - { - "name" : "104214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104214" - }, - { - "name" : "1041057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041057" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3658-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3658-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124" + }, + { + "name": "DSA-4208", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4208" + }, + { + "name": "GLSA-201805-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-14" + }, + { + "name": "44806", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44806/" + }, + { + "name": "RHSA-2018:1777", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2018:1777" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10241" + }, + { + "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html" + }, + { + "name": "RHSA-2018:2267", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2267" + }, + { + "name": "RHSA-2018:2268", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2268" + }, + { + "name": "RHSA-2018:1700", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1700" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "104214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104214" + }, + { + "name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2018/q2/122" + }, + { + "name": "1041057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041057" + }, + { + "name": "RHSA-2018:1820", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1820" + }, + { + "name": "USN-3658-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3658-2/" + }, + { + "name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", + "refsource": "MISC", + "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + } + ] + } +} \ No newline at end of file 
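Review bot: The `vectorString` carried over on the new side, `7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H`, puts the base score in front of the vector. That is not a well-formed CVSS v3.0 vector string, which begins with `CVSS:3.0/`, so a strict parser is likely to reject it. I would store it as `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"` and keep the 7.3 in a separate numeric field if the schema in use provides one. Separately, this hunk is not a pure reformat: `ASSIGNER` changes from `lpardo@redhat.com` to `secalert@redhat.com`. That deserves a line in the commit message, because consumers that key on the assigner will see the record change.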
diff --git a/2018/1xxx/CVE-2018-1323.json b/2018/1xxx/CVE-2018-1323.json
index 306c6d17b53..fb7aa497a59 100644
--- a/2018/1xxx/CVE-2018-1323.json
+++ b/2018/1xxx/CVE-2018-1323.json
@@ -1,73 +1,73 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@apache.org",
- "DATE_PUBLIC" : "2018-03-12T00:00:00",
- "ID" : "CVE-2018-1323",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Apache Tomcat Connectors",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Apache Software Foundation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information Disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "DATE_PUBLIC": "2018-03-12T00:00:00",
+ "ID": "CVE-2018-1323",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Tomcat Connectors",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f@%3Cannounce.tomcat.apache.org%3E",
- "refsource" : "MISC",
- "url" : "https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f@%3Cannounce.tomcat.apache.org%3E"
- },
- {
- "name" : "RHSA-2018:1843",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:1843"
- },
- {
- "name" : "103389",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/103389"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "103389",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/103389"
+ },
+ {
+ "name": "RHSA-2018:1843",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:1843"
+ },
+ {
+ "name": "https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f@%3Cannounce.tomcat.apache.org%3E",
+ "refsource": "MISC",
+ "url": "https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f@%3Cannounce.tomcat.apache.org%3E"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1683.json b/2018/1xxx/CVE-2018-1683.json
index 575fe5910ed..ca3d95ebd17 100644
--- a/2018/1xxx/CVE-2018-1683.json
+++ b/2018/1xxx/CVE-2018-1683.json
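Review bot: The serializer behind this rewrite does not appear to emit `reference_data` in a stable order: the three entries here come out as BID, REDHAT, MISC where they were MISC, REDHAT, BID, with no entry changed, and the CVE-2018-1683 hunk shows the same reshuffle. In an advisory feed that ordering churn buries a genuine edit to a record's references under formatting noise, which makes an unexpected change harder to spot in review. Sorting the entries by a fixed key before writing, for example `refsource` and then `name`, would keep later diffs down to real content changes. Every rewritten file also now ends with `\ No newline at end of file`, so having the writer emit a trailing newline would avoid a further whole-tree diff the next time a tool adds one.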
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-09-21T00:00:00", - "ID" : "CVE-2018-1683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.900", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-09-21T00:00:00", + "ID": "CVE-2018-1683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10716533", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10716533" - }, - { - "name" : "1041720", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041720" - }, - { - "name" : "ibm-websphere-cve20181683-info-disc(145455)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/145455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "H", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "5.900", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-websphere-cve20181683-info-disc(145455)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145455" + }, + { + "name": "1041720", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041720" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10716533", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10716533" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1927.json b/2018/1xxx/CVE-2018-1927.json index 316432c0d88..1d92cea6375 100644 --- a/2018/1xxx/CVE-2018-1927.json +++ b/2018/1xxx/CVE-2018-1927.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-11-28T00:00:00", - "ID" : "CVE-2018-1927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "StoredIQ", - "version" : { - "version_data" : [ - { - "version_value" : "7.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "N", - "I" : "H", - "PR" : "N", - "S" : "U", - "SCORE" : "6.500", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-11-28T00:00:00", + "ID": "CVE-2018-1927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "StoredIQ", + "version": { + "version_data": [ + { + "version_value": "7.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10741605", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10741605" - }, - { - "name" : "ibm-storeiq-cve20181927-csrf(153118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "N", + "I": "H", + "PR": "N", + "S": "U", + "SCORE": "6.500", + "UI": "R" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10741605", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10741605" + }, + { + "name": "ibm-storeiq-cve20181927-csrf(153118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153118" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1992.json b/2018/1xxx/CVE-2018-1992.json index 078e42dfb09..b08c7a43805 100644 --- a/2018/1xxx/CVE-2018-1992.json +++ b/2018/1xxx/CVE-2018-1992.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1992",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-1992",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5431.json b/2018/5xxx/CVE-2018-5431.json
index 22fa41d2589..10c2fb21e2b 100644
--- a/2018/5xxx/CVE-2018-5431.json
+++ b/2018/5xxx/CVE-2018-5431.json
@@ -1,154 +1,154 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@tibco.com", - "DATE_PUBLIC" : "2018-04-17T16:00:00.000Z", - "ID" : "CVE-2018-5431", - "STATE" : "PUBLIC", - "TITLE" : "TIBCO JasperReports Server Cross Site Scripting Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TIBCO JasperReports Server", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.2.4" - }, - { - "affected" : "=", - "version_value" : "6.3.0" - }, - { - "affected" : "=", - "version_value" : "6.3.2" - }, - { - "affected" : "=", - "version_value" : "6.3.3" - }, - { - "affected" : "=", - "version_value" : "6.4.0" - }, - { - "affected" : "=", - "version_value" : "6.4.2" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Server Community Edition", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.2" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Server for ActiveMatrix BPM", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.2" - } - ] - } - }, - { - "product_name" : "TIBCO Jaspersoft for AWS with Multi-Tenancy", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.2" - } - ] - } - }, - { - "product_name" : "TIBCO Jaspersoft Reporting and Analytics for AWS", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.2" - } - ] - } - } - ] - }, - "vendor_name" : "TIBCO Software Inc." 
- } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 6.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "The impact includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user.\n" - } + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2018-04-17T16:00:00.000Z", + "ID": "CVE-2018-5431", + "STATE": "PUBLIC", + "TITLE": "TIBCO JasperReports Server Cross Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO JasperReports Server", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.2.4" + }, + { + "affected": "=", + "version_value": "6.3.0" + }, + { + "affected": "=", + "version_value": "6.3.2" + }, + { + "affected": "=", + "version_value": "6.3.3" + }, + { + "affected": "=", + "version_value": "6.4.0" + }, + { + "affected": "=", + "version_value": "6.4.2" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Server Community Edition", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.2" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Server for ActiveMatrix BPM", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.2" + } + ] + } + }, + { + "product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.2" + } + ] + } + 
}, + { + "product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.2" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431", - "refsource" : "CONFIRM", - "url" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n" - } - ], - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics 
for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user.\n" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues. 
For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5587.json b/2018/5xxx/CVE-2018-5587.json index 21ca577db4e..04a4f58695e 100644 --- a/2018/5xxx/CVE-2018-5587.json +++ b/2018/5xxx/CVE-2018-5587.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5587",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5587",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5646.json b/2018/5xxx/CVE-2018-5646.json
index 29935c59edb..3d78df4397a 100644
--- a/2018/5xxx/CVE-2018-5646.json
+++ b/2018/5xxx/CVE-2018-5646.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5646",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5646",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file