From 474a4e1ce2d035021518c8664ae05d820df15169 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 21:33:47 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2004/1xxx/CVE-2004-1427.json | 150 +++++-----
 2004/1xxx/CVE-2004-1442.json | 200 ++++++-------
 2008/0xxx/CVE-2008-0135.json | 150 +++++-----
 2008/0xxx/CVE-2008-0356.json | 190 ++++++------
 2008/0xxx/CVE-2008-0378.json | 150 +++++-----
 2008/3xxx/CVE-2008-3091.json | 150 +++++-----
 2008/3xxx/CVE-2008-3159.json | 180 ++++++------
 2008/3xxx/CVE-2008-3184.json | 160 +++++-----
 2008/3xxx/CVE-2008-3450.json | 200 ++++++-------
 2008/3xxx/CVE-2008-3832.json | 160 +++++-----
 2008/4xxx/CVE-2008-4172.json | 140 ++++-----
 2008/4xxx/CVE-2008-4247.json | 260 ++++++++---------
 2008/4xxx/CVE-2008-4419.json | 180 ++++++------
 2008/4xxx/CVE-2008-4584.json | 150 +++++-----
 2008/7xxx/CVE-2008-7221.json | 130 ++++-----
 2013/2xxx/CVE-2013-2442.json | 320 ++++++++++----------
 2013/2xxx/CVE-2013-2690.json | 180 ++++++------
 2013/2xxx/CVE-2013-2728.json | 180 ++++++------
 2013/6xxx/CVE-2013-6125.json | 34 +--
 2013/6xxx/CVE-2013-6238.json | 34 +--
 2013/6xxx/CVE-2013-6702.json | 140 ++++-----
 2013/6xxx/CVE-2013-6730.json | 140 ++++-----
 2013/6xxx/CVE-2013-6753.json | 34 +--
 2013/7xxx/CVE-2013-7384.json | 150 +++++-----
 2017/10xxx/CVE-2017-10390.json | 34 +--
 2017/10xxx/CVE-2017-10498.json | 34 +--
 2017/10xxx/CVE-2017-10737.json | 120 ++++----
 2017/10xxx/CVE-2017-10895.json | 120 ++++----
 2017/14xxx/CVE-2017-14041.json | 160 +++++-----
 2017/14xxx/CVE-2017-14110.json | 34 +--
 2017/14xxx/CVE-2017-14232.json | 34 +--
 2017/14xxx/CVE-2017-14246.json | 130 ++++-----
 2017/14xxx/CVE-2017-14598.json | 34 +--
 2017/14xxx/CVE-2017-14969.json | 120 ++++----
 2017/15xxx/CVE-2017-15293.json | 150 +++++-----
 2017/15xxx/CVE-2017-15611.json | 120 ++++----
 2017/15xxx/CVE-2017-15617.json | 130 ++++-----
 2017/15xxx/CVE-2017-15827.json | 34 +--
 2017/15xxx/CVE-2017-15983.json | 120 ++++----
 2017/9xxx/CVE-2017-9053.json | 120 ++++----
 2017/9xxx/CVE-2017-9236.json | 34 +--
 2017/9xxx/CVE-2017-9314.json | 122 ++++----
 2017/9xxx/CVE-2017-9413.json | 130 ++++-----
 2017/9xxx/CVE-2017-9503.json | 170 +++++------
 2018/0xxx/CVE-2018-0031.json | 450 ++++++++++++++---------------
 2018/0xxx/CVE-2018-0259.json | 130 ++++-----
 2018/0xxx/CVE-2018-0401.json | 130 ++++-----
 2018/1000xxx/CVE-2018-1000202.json | 126 ++++----
 2018/16xxx/CVE-2018-16179.json | 130 ++++-----
 2018/16xxx/CVE-2018-16713.json | 120 ++++----
 2018/16xxx/CVE-2018-16995.json | 34 +--
 2018/19xxx/CVE-2018-19036.json | 120 ++++----
 2018/19xxx/CVE-2018-19286.json | 120 ++++----
 2018/19xxx/CVE-2018-19573.json | 34 +--
 2018/4xxx/CVE-2018-4097.json | 140 ++++-----
 2018/4xxx/CVE-2018-4147.json | 160 +++++-----
 2018/4xxx/CVE-2018-4587.json | 34 +--
 2018/4xxx/CVE-2018-4907.json | 140 ++++-----
 2018/4xxx/CVE-2018-4959.json | 140 ++++-----
 59 files changed, 3860 insertions(+), 3860 deletions(-)
diff --git a/2004/1xxx/CVE-2004-1427.json b/2004/1xxx/CVE-2004-1427.json
index 4cff82baa5d..c8eaf8fec77 100644
--- a/2004/1xxx/CVE-2004-1427.json
+++ b/2004/1xxx/CVE-2004-1427.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041230 KorWeblog php injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110442847614890&w=2" - }, - { - "name" : "12132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12132" - }, - { - "name" : "13700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13700" - }, - { - "name" : "korweblog-install-file-include(18717)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041230 KorWeblog php injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110442847614890&w=2" + }, + { + "name": "12132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12132" + }, + { + "name": "korweblog-install-file-include(18717)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18717" + }, + { + "name": "13700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13700" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1442.json b/2004/1xxx/CVE-2004-1442.json index 72fdb6e451b..9b633bfe7eb 100644 --- a/2004/1xxx/CVE-2004-1442.json +++ b/2004/1xxx/CVE-2004-1442.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as \"DTWP001E.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040126 Secunia Research: IBM Net.Data Macro Name Cross-Site Scripting Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0019.html" - }, - { - "name" : "http://secunia.com/secunia_research/2004-1/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2004-1/advisory/" - }, - { - "name" : "VU#197318", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/197318" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/DMOA-5VNPEL", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/DMOA-5VNPEL" - }, - { - "name" : "9488", - "refsource" : "BID", - "url" 
: "http://www.securityfocus.com/bid/9488" - }, - { - "name" : "3712", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3712" - }, - { - "name" : "1008845", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008845" - }, - { - "name" : "10709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10709/" - }, - { - "name" : "ibm-netdata-db2wwwcomponent-xss(14925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as \"DTWP001E.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/DMOA-5VNPEL", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/DMOA-5VNPEL" + }, + { + "name": "1008845", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008845" + }, + { + "name": "VU#197318", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/197318" + }, + { + "name": "10709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10709/" + }, + { + "name": "9488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9488" + }, + { + "name": "ibm-netdata-db2wwwcomponent-xss(14925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14925" + }, + { + "name": "http://secunia.com/secunia_research/2004-1/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2004-1/advisory/" + }, + { + "name": 
"20040126 Secunia Research: IBM Net.Data Macro Name Cross-Site Scripting Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0019.html" + }, + { + "name": "3712", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3712" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0135.json b/2008/0xxx/CVE-2008-0135.json index e28e944636a..c5c9dfea893 100644 --- a/2008/0xxx/CVE-2008-0135.json +++ b/2008/0xxx/CVE-2008-0135.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080107 RE: [HSC] Snitz Forums Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485894/100/200/threaded" - }, - { - "name" : "20080107 [HSC] Snitz Forums Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485836/100/200/threaded" - }, - { - "name" : "http://hackerscenter.com/archive/view.asp?id=28145", - "refsource" : "MISC", - "url" : "http://hackerscenter.com/archive/view.asp?id=28145" - }, - { - "name" : "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hackerscenter.com/archive/view.asp?id=28145", + "refsource": "MISC", + "url": "http://hackerscenter.com/archive/view.asp?id=28145" + }, + { + "name": "20080107 [HSC] Snitz Forums Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485836/100/200/threaded" + }, + { + "name": "20080107 RE: [HSC] Snitz Forums Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485894/100/200/threaded" + }, + { + "name": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0356.json b/2008/0xxx/CVE-2008-0356.json index f0063251062..89c2f09dc01 100644 --- a/2008/0xxx/CVE-2008-0356.json +++ b/2008/0xxx/CVE-2008-0356.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486585/100/0/threaded" - }, - { - "name" : "http://support.citrix.com/article/CTX114487", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX114487" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-08-002.html", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-08-002.html" - }, - { - "name" : "VU#412228", - "refsource" : "CERT-VN", - "url" : 
"http://www.kb.cert.org/vuls/id/412228" - }, - { - "name" : "27329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27329" - }, - { - "name" : "ADV-2008-0172", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0172" - }, - { - "name" : "1019231", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019231" - }, - { - "name" : "28508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded" + }, + { + "name": "28508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28508" + }, + { + "name": "ADV-2008-0172", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0172" + }, + { + "name": "VU#412228", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/412228" + }, + { + "name": "1019231", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019231" + }, + { + "name": "27329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27329" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-08-002.html", + "refsource": 
"MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html" + }, + { + "name": "http://support.citrix.com/article/CTX114487", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX114487" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0378.json b/2008/0xxx/CVE-2008-0378.json index 8023b668e35..f8ff6fcf840 100644 --- a/2008/0xxx/CVE-2008-0378.json +++ b/2008/0xxx/CVE-2008-0378.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when \"Resolve all names remotely\" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080118 SocksCap Stack Overflow (<= 2.40-051231)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486632/100/0/threaded" - }, - { - "name" : "27357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27357" - }, - { - "name" : "3560", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3560" - }, - { - "name" : "sockscap-hostname-bo(39781)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based 
buffer overflow in SocksCap 2.40-051231 and earlier, when \"Resolve all names remotely\" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3560", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3560" + }, + { + "name": "20080118 SocksCap Stack Overflow (<= 2.40-051231)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486632/100/0/threaded" + }, + { + "name": "sockscap-hostname-bo(39781)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39781" + }, + { + "name": "27357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27357" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3091.json b/2008/3xxx/CVE-2008-3091.json index a89029d209e..737ce6787fe 100644 --- a/2008/3xxx/CVE-2008-3091.json +++ b/2008/3xxx/CVE-2008-3091.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/277877", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/277877" - }, - { - "name" : "30067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30067" - }, - { - "name" : "30933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30933" - }, - { - "name" : "taxonomy-autotagger-unspecified-xss(43570)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30067" + }, + { + "name": "taxonomy-autotagger-unspecified-xss(43570)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43570" + }, + { + "name": "30933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30933" + }, + { + "name": "http://drupal.org/node/277877", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/277877" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3159.json b/2008/3xxx/CVE-2008-3159.json index d7e5f7ee3ee..581bb875941 100644 --- a/2008/3xxx/CVE-2008-3159.json +++ b/2008/3xxx/CVE-2008-3159.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to \"flawed arithmetic.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-041/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-041/" - }, - { - "name" : "http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858" - }, - { - "name" : "30085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30085" - }, - { - "name" : "ADV-2008-1999", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1999" - }, - { - "name" : 
"1020431", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020431" - }, - { - "name" : "30938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30938" - }, - { - "name" : "novell-edirectory-dsdlm-bo(43589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to \"flawed arithmetic.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020431", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020431" + }, + { + "name": "30085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30085" + }, + { + "name": "http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858" + }, + { + "name": "novell-edirectory-dsdlm-bo(43589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43589" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-041/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-041/" + }, + { + "name": "ADV-2008-1999", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1999" + }, + { + "name": "30938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30938" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/3xxx/CVE-2008-3184.json b/2008/3xxx/CVE-2008-3184.json index da264bbb432..363135ac094 100644 --- a/2008/3xxx/CVE-2008-3184.json +++ b/2008/3xxx/CVE-2008-3184.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080708 XSS in admin logs - vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494049/100/0/threaded" - }, - { - "name" : "http://www.vbulletin.com/forum/showthread.php?t=277945", - "refsource" : "CONFIRM", - "url" : "http://www.vbulletin.com/forum/showthread.php?t=277945" - }, - { - "name" : "30134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30134" - }, - { - "name" : "30991", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/30991" - }, - { - "name" : "4000", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080708 XSS in admin logs - vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494049/100/0/threaded" + }, + { + "name": "30991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30991" + }, + { + "name": "http://www.vbulletin.com/forum/showthread.php?t=277945", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.com/forum/showthread.php?t=277945" + }, + { + "name": "4000", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4000" + }, + { + "name": "30134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30134" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3450.json b/2008/3xxx/CVE-2008-3450.json index 57b1384031c..e11466eef2e 100644 --- a/2008/3xxx/CVE-2008-3450.json +++ b/2008/3xxx/CVE-2008-3450.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm" - }, - { - "name" : "237986", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237986-1" - }, - { - "name" : "30513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30513" - }, - { - "name" : "oval:org.mitre.oval:def:5609", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5609" - }, - { - "name" : "ADV-2008-2290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2290" - }, - { - "name" : "1020616", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020616" - }, - { - "name" : "31356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31356" - }, - { - "name" : "31536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31536" - }, - { - "name" : "solaris-namefs-code-execution(44158)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31356" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm" + }, + { + "name": "oval:org.mitre.oval:def:5609", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5609" + }, + { + "name": "237986", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237986-1" + }, + { + "name": "30513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30513" + }, + { + "name": "31536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31536" + }, + { + "name": "ADV-2008-2290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2290" + }, + { + "name": "solaris-namefs-code-execution(44158)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44158" + }, + { + "name": "1020616", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020616" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3832.json b/2008/3xxx/CVE-2008-3832.json index 983abd938fd..ae44efbf3ab 100644 --- a/2008/3xxx/CVE-2008-3832.json +++ b/2008/3xxx/CVE-2008-3832.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-3832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081002 CVE-2008-3832 kernel: null pointer dereference in utrace_control", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/02/1" - }, - { - "name" : "http://kerneloops.org/oops.php?number=56705", - "refsource" : "MISC", - "url" : "http://kerneloops.org/oops.php?number=56705" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=464883", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=464883" - }, - { - "name" : "31536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31536" - }, - { - "name" : 
"fedora-utracecontrol-dos(45644)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31536" + }, + { + "name": "[oss-security] 20081002 CVE-2008-3832 kernel: null pointer dereference in utrace_control", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/02/1" + }, + { + "name": "fedora-utracecontrol-dos(45644)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45644" + }, + { + "name": "http://kerneloops.org/oops.php?number=56705", + "refsource": "MISC", + "url": "http://kerneloops.org/oops.php?number=56705" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=464883", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=464883" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4172.json b/2008/4xxx/CVE-2008-4172.json index 039886d7dc8..13d2861c7ab 100644 --- a/2008/4xxx/CVE-2008-4172.json +++ b/2008/4xxx/CVE-2008-4172.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0809-exploits/carsvehicle-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0809-exploits/carsvehicle-sql.txt" - }, - { - "name" : "31214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31214" - }, - { - "name" : "carsvehicle-page-sql-injection(45210)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid 
parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "carsvehicle-page-sql-injection(45210)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45210" + }, + { + "name": "31214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31214" + }, + { + "name": "http://packetstormsecurity.org/0809-exploits/carsvehicle-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0809-exploits/carsvehicle-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4247.json b/2008/4xxx/CVE-2008-4247.json index f04e9cdbafb..0603528d6fc 100644 --- a/2008/4xxx/CVE-2008-4247.json +++ b/2008/4xxx/CVE-2008-4247.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080926 multiple vendor ftpd - Cross-site request forgery", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/56" - }, - { - "name" : "http://bugs.proftpd.org/show_bug.cgi?id=3115", - "refsource" : "MISC", - "url" : "http://bugs.proftpd.org/show_bug.cgi?id=3115" - }, - { - "name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y" - }, - { - "name" : 
"http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h" - }, - { - "name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c" - }, - { - "name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "FreeBSD-SA-08:12", - "refsource" : "FREEBSD", - "url" : "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc" - }, - { - "name" : "NetBSD-SA2008-014", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc" - }, - { - "name" : "1020946", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020946" - }, - { - "name" : "1021112", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021112" - }, - { - "name" : "32068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32068" - }, - { - "name" : "32070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32070" - }, - { - "name" : "33341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33341" - }, - { - "name" : "4313", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ftpd in OpenBSD 4.3, 
FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021112", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021112" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h" + }, + { + "name": "1020946", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020946" + }, + { + "name": "20080926 multiple vendor ftpd - Cross-site request forgery", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/56" + }, + { + "name": "33341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33341" + }, + { + "name": "http://bugs.proftpd.org/show_bug.cgi?id=3115", + "refsource": "MISC", + "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115" + }, + { + "name": "NetBSD-SA2008-014", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y" + }, + { + "name": "32068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32068" + }, + { + "name": "FreeBSD-SA-08:12", + "refsource": "FREEBSD", + "url": 
"http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "32070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32070" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h" + }, + { + "name": "4313", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4313" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4419.json b/2008/4xxx/CVE-2008-4419.json index 1545cd6315c..455b8c1348c 100644 --- a/2008/4xxx/CVE-2008-4419.json +++ b/2008/4xxx/CVE-2008-4419.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090204 DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500657/100/0/threaded" - }, - { - "name" : "HPSBPI02398", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905" - }, - { - "name" : "SSRT080166", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905" - }, - { - "name" : "33611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33611" - }, - { - "name" : "1021687", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021687" - }, - { - "name" : "33779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33779" - }, - { - "name" : "ADV-2009-0341", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and 
LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33779" + }, + { + "name": "33611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33611" + }, + { + "name": "20090204 DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500657/100/0/threaded" + }, + { + "name": "1021687", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021687" + }, + { + "name": "ADV-2009-0341", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0341" + }, + { + "name": "SSRT080166", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905" + }, + { + "name": "HPSBPI02398", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4584.json b/2008/4xxx/CVE-2008-4584.json index bac13298e77..50a1eed5fe7 100644 --- a/2008/4xxx/CVE-2008-4584.json +++ b/2008/4xxx/CVE-2008-4584.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5005", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5005" - }, - { - "name" : "27493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27493" - }, - { - "name" : "4424", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4424" - }, - { - "name" : "chilkatmail-chilkatcert-file-overwrite(40041)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote 
attackers to overwrite arbitrary files via a full pathname to the SaveLastError method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4424", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4424" + }, + { + "name": "27493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27493" + }, + { + "name": "5005", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5005" + }, + { + "name": "chilkatmail-chilkatcert-file-overwrite(40041)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40041" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7221.json b/2008/7xxx/CVE-2008-7221.json index b20b7535c3f..f88d4872a08 100644 --- a/2008/7xxx/CVE-2008-7221.json +++ b/2008/7xxx/CVE-2008-7221.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080216 RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488287/100/200/threaded" - }, - { - "name" : "runcms-admin-csrf(40628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user 
profiles via a crafted request to system/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080216 RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488287/100/200/threaded" + }, + { + "name": "runcms-admin-csrf(40628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40628" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2442.json b/2013/2xxx/CVE-2013-2442.json index a2d64d941ca..86a58f15132 100644 --- a/2013/2xxx/CVE-2013-2442.json +++ b/2013/2xxx/CVE-2013-2442.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" - }, - { - "name" : "HPSBUX02907", 
- "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" - }, - { - "name" : "HPSBUX02908", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" - }, - { - "name" : "RHSA-2013:0963", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" - }, - { - "name" : "RHSA-2013:1060", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2013:1059", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" - }, - { - "name" : "SUSE-SU-2013:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" - }, - { - "name" : "SUSE-SU-2013:1257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "60643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60643" - }, - { - "name" : "oval:org.mitre.oval:def:16803", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16803" - }, - { - "name" : 
"oval:org.mitre.oval:def:19460", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19460" - }, - { - "name" : "oval:org.mitre.oval:def:19569", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19569" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1060", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" + }, + { + "name": "oval:org.mitre.oval:def:16803", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16803" + }, + { + "name": "HPSBUX02908", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "60643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60643" + }, + { + "name": 
"SUSE-SU-2013:1257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" + }, + { + "name": "HPSBUX02907", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2" + }, + { + "name": "SUSE-SU-2013:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "RHSA-2013:1059", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" + }, + { + "name": "oval:org.mitre.oval:def:19460", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19460" + }, + { + "name": "oval:org.mitre.oval:def:19569", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19569" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "RHSA-2013:0963", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" + }, + { + "name": "SUSE-SU-2013:1255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" + }, + { + "name": "SUSE-SU-2013:1305", + 
"refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2690.json b/2013/2xxx/CVE-2013-2690.json index ead08348625..eb05e2ed89a 100644 --- a/2013/2xxx/CVE-2013-2690.json +++ b/2013/2xxx/CVE-2013-2690.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130325 SynConnect PMS SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-03/0134.html" - }, - { - "name" : "24898", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24898" - }, - { - "name" : "http://osvdb.org/ref/91/synconnect.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/91/synconnect.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/120958/SynConnect-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/120958/SynConnect-SQL-Injection.html" - }, - { - "name" : "58711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58711" - }, - { - "name" : 
"91693", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/91693" - }, - { - "name" : "synconnect-index-sql-injection(83040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91693", + "refsource": "OSVDB", + "url": "http://osvdb.org/91693" + }, + { + "name": "http://osvdb.org/ref/91/synconnect.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/91/synconnect.txt" + }, + { + "name": "58711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58711" + }, + { + "name": "20130325 SynConnect PMS SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0134.html" + }, + { + "name": "24898", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24898" + }, + { + "name": "synconnect-index-sql-injection(83040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83040" + }, + { + "name": "http://packetstormsecurity.com/files/120958/SynConnect-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/120958/SynConnect-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2728.json b/2013/2xxx/CVE-2013-2728.json index 1b59c3b7d37..2e4f299cea1 100644 --- a/2013/2xxx/CVE-2013-2728.json +++ b/2013/2xxx/CVE-2013-2728.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-2728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html" - }, - { - "name" : "RHSA-2013:0825", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0825.html" - }, - { - "name" : "SUSE-SU-2013:0798", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:0892", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:0954", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" - }, - { - "name" : "oval:org.mitre.oval:def:16932", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16932" - }, - { - "name" : "53442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 
3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0892", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" + }, + { + "name": "53442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53442" + }, + { + "name": "oval:org.mitre.oval:def:16932", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16932" + }, + { + "name": "SUSE-SU-2013:0798", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" + }, + { + "name": "openSUSE-SU-2013:0954", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html" + }, + { + "name": "RHSA-2013:0825", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6125.json b/2013/6xxx/CVE-2013-6125.json index a833541ade2..b6818931117 100644 --- a/2013/6xxx/CVE-2013-6125.json +++ b/2013/6xxx/CVE-2013-6125.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6125", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6125", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6238.json b/2013/6xxx/CVE-2013-6238.json index 4dbd601878c..6417469d7ce 100644 --- a/2013/6xxx/CVE-2013-6238.json +++ b/2013/6xxx/CVE-2013-6238.json 
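Review bot: The new side of the CVE-2013-6125 record is serialized in a different key order from the other records in this commit: it opens with `"data_type"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"`, whereas the CVE-2013-6238 hunk that follows keeps `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"`. Key order carries no meaning in JSON, but emitting every record in one fixed order (sorted keys, for example) limits later syncs to real content changes and keeps byte-level hashes of unchanged records stable for consumers that use them to detect edits. The CVE-2013-6753 hunk has the same ordering. The new file also ends without a trailing newline (`\ No newline at end of file`), as do the other files in this patch.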
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6238", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6238", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6702.json b/2013/6xxx/CVE-2013-6702.json index 07b945b5ea5..d590add0761 100644 --- a/2013/6xxx/CVE-2013-6702.json +++ b/2013/6xxx/CVE-2013-6702.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31999", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31999" - }, - { - "name" : "20131203 Cisco ONS 15454 Controller Card Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6702" - }, - { - "name" : "1029421", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management implementation on Cisco ONS 15454 
controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131203 Cisco ONS 15454 Controller Card Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6702" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31999", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31999" + }, + { + "name": "1029421", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029421" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6730.json b/2013/6xxx/CVE-2013-6730.json index c22f3a7719a..bc6a59da328 100644 --- a/2013/6xxx/CVE-2013-6730.json +++ b/2013/6xxx/CVE-2013-6730.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665915", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665915" - }, - { - "name" : "PI07185", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185" - }, - { - "name" : "ibm-websphere-portal-cve20136730-search(89363)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PI07185", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185" + }, + { + "name": "ibm-websphere-portal-cve20136730-search(89363)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89363" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21665915", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665915" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6753.json b/2013/6xxx/CVE-2013-6753.json index 6cb962e7738..5f19e8ef05c 100644 --- a/2013/6xxx/CVE-2013-6753.json +++ b/2013/6xxx/CVE-2013-6753.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6753", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6753", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7384.json b/2013/7xxx/CVE-2013-7384.json index 61fda41db6b..f7c8b9b4b52 100644 --- a/2013/7xxx/CVE-2013-7384.json +++ b/2013/7xxx/CVE-2013-7384.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/379" - }, - { - "name" : "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/383" - }, - { - "name" : "http://forums.unrealircd.com/viewtopic.php?f=2&t=8221", - "refsource" : "CONFIRM", - "url" : "http://forums.unrealircd.com/viewtopic.php?f=2&t=8221" - }, - { - "name" : "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/379" + }, + { + "name": "http://forums.unrealircd.com/viewtopic.php?f=2&t=8221", + "refsource": "CONFIRM", + "url": "http://forums.unrealircd.com/viewtopic.php?f=2&t=8221" + }, + { + "name": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt", + "refsource": "CONFIRM", + "url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt" + }, + { + "name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/383" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10390.json b/2017/10xxx/CVE-2017-10390.json index 8aa6b94b87a..4d0b6e9d9b4 100644 --- a/2017/10xxx/CVE-2017-10390.json +++ b/2017/10xxx/CVE-2017-10390.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10390", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10390", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10498.json b/2017/10xxx/CVE-2017-10498.json index 431d6cf6500..fc3ab76508e 100644 --- a/2017/10xxx/CVE-2017-10498.json +++ b/2017/10xxx/CVE-2017-10498.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10498", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10498", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10737.json b/2017/10xxx/CVE-2017-10737.json index 654ac142330..ecf6107361a 100644 --- a/2017/10xxx/CVE-2017-10737.json +++ b/2017/10xxx/CVE-2017-10737.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { 
+ "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10895.json b/2017/10xxx/CVE-2017-10895.json index 64ad61979e0..0b6e7fbab11 100644 --- a/2017/10xxx/CVE-2017-10895.json +++ b/2017/10xxx/CVE-2017-10895.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "sDNSProxy.exe", - "version" : { - "version_data" : [ - { - "version_value" : "ver1.1.0.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Tomoki Sanaki" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial-of-service (DoS)" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "sDNSProxy.exe", + "version": { + "version_data": [ + { + "version_value": "ver1.1.0.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Tomoki Sanaki" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#71291160", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN71291160/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#71291160", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN71291160/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14041.json b/2017/14xxx/CVE-2017-14041.json index 9bde3e5ea36..d13e8fe934b 100644 --- a/2017/14xxx/CVE-2017-14041.json +++ b/2017/14xxx/CVE-2017-14041.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/issues/997", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/issues/997" - }, - { - "name" : "DSA-4013", - "refsource" 
: "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-4013" - }, - { - "name" : "100555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/" + }, + { + "name": "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9" + }, + { + "name": "100555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100555" + }, + { + "name": "https://github.com/uclouvain/openjpeg/issues/997", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/issues/997" + }, + { + "name": "DSA-4013", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-4013" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14110.json b/2017/14xxx/CVE-2017-14110.json index b8deb14a1a5..35dfcacd580 100644 --- a/2017/14xxx/CVE-2017-14110.json +++ b/2017/14xxx/CVE-2017-14110.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14110",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14110",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14232.json b/2017/14xxx/CVE-2017-14232.json
index 4960da8a8f0..a9e72bf80ee 100644
--- a/2017/14xxx/CVE-2017-14232.json
+++ b/2017/14xxx/CVE-2017-14232.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14232",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14232",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14246.json b/2017/14xxx/CVE-2017-14246.json
index 4ee3d601817..6b56bb2c3bd 100644
--- a/2017/14xxx/CVE-2017-14246.json
+++ b/2017/14xxx/CVE-2017-14246.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" - }, - { - "name" : "https://github.com/erikd/libsndfile/issues/317", - "refsource" : "MISC", - "url" : "https://github.com/erikd/libsndfile/issues/317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY 
floating-point values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/erikd/libsndfile/issues/317", + "refsource": "MISC", + "url": "https://github.com/erikd/libsndfile/issues/317" + }, + { + "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14598.json b/2017/14xxx/CVE-2017-14598.json index 3519a368609..31b71233c3a 100644 --- a/2017/14xxx/CVE-2017-14598.json +++ b/2017/14xxx/CVE-2017-14598.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14598", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14598", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14969.json b/2017/14xxx/CVE-2017-14969.json index 4d43700502b..1e004afbd48 100644 --- a/2017/14xxx/CVE-2017-14969.json 
+++ b/2017/14xxx/CVE-2017-14969.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.greyhathacker.net/?p=995", - "refsource" : "MISC", - "url" : "http://www.greyhathacker.net/?p=995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.greyhathacker.net/?p=995", + "refsource": "MISC", + "url": "http://www.greyhathacker.net/?p=995" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15293.json b/2017/15xxx/CVE-2017-15293.json index be227592d8f..8870301ac4f 100644 --- a/2017/15xxx/CVE-2017-15293.json +++ b/2017/15xxx/CVE-2017-15293.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/", - "refsource" : "MISC", - "url" : "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpressserver/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpressserver/" - }, - { - "name" : "https://erpscan.io/research/hacking-sap-pos/", - "refsource" : "MISC", - "url" : "https://erpscan.io/research/hacking-sap-pos/" - }, - { - "name" : "100713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100713" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpressserver/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpressserver/" + }, + { + "name": "100713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100713" + }, + { + "name": "https://erpscan.io/research/hacking-sap-pos/", + "refsource": "MISC", + "url": "https://erpscan.io/research/hacking-sap-pos/" + }, + { + "name": "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/", + "refsource": "MISC", + "url": "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15611.json b/2017/15xxx/CVE-2017-15611.json index eac89368f90..da7ff71affe 100644 --- a/2017/15xxx/CVE-2017-15611.json +++ b/2017/15xxx/CVE-2017-15611.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OctopusDeploy/Issues/issues/3864", - "refsource" : "CONFIRM", - "url" : "https://github.com/OctopusDeploy/Issues/issues/3864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OctopusDeploy/Issues/issues/3864", + "refsource": "CONFIRM", + "url": "https://github.com/OctopusDeploy/Issues/issues/3864" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15617.json b/2017/15xxx/CVE-2017-15617.json index 51c47778c7c..a1f1a938dea 100644 --- a/2017/15xxx/CVE-2017-15617.json +++ b/2017/15xxx/CVE-2017-15617.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded" - }, - { - "name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", - "refsource" : "MISC", - "url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface 
variable in the interface_wan.lua file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", + "refsource": "MISC", + "url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" + }, + { + "name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15827.json b/2017/15xxx/CVE-2017-15827.json index 9d15b7b913e..d5a380ca767 100644 --- a/2017/15xxx/CVE-2017-15827.json +++ b/2017/15xxx/CVE-2017-15827.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15827", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15827", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/15xxx/CVE-2017-15983.json b/2017/15xxx/CVE-2017-15983.json
index 641ac18e94e..6dedf8f1dd6 100644
--- a/2017/15xxx/CVE-2017-15983.json
+++ b/2017/15xxx/CVE-2017-15983.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43076", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43076/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43076", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43076/" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/9xxx/CVE-2017-9053.json b/2017/9xxx/CVE-2017-9053.json
index 860eebf21c5..5299740226d 100644
--- a/2017/9xxx/CVE-2017-9053.json
+++ b/2017/9xxx/CVE-2017-9053.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.prevanders.net/dwarfbug.html", - "refsource" : "MISC", - "url" : "https://www.prevanders.net/dwarfbug.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.prevanders.net/dwarfbug.html", + "refsource": "MISC", + "url": "https://www.prevanders.net/dwarfbug.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9236.json b/2017/9xxx/CVE-2017-9236.json index 507795463ca..499e69e9f1d 100644 --- a/2017/9xxx/CVE-2017-9236.json +++ b/2017/9xxx/CVE-2017-9236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9236", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9236", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9314.json b/2017/9xxx/CVE-2017-9314.json index d1e553bf693..585b2c2ccae 100644 --- a/2017/9xxx/CVE-2017-9314.json +++ b/2017/9xxx/CVE-2017-9314.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@dahuatech.com", - "DATE_PUBLIC" : "2017-11-08T00:00:00", - "ID" : "CVE-2017-9314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NVR50XX, VR52XX, VR54XX, VR58XX", - "version" : { - "version_data" : [ - { - "version_value" : "Versions Build between 2013 and 2017/10" - } - ] - } - } - ] - }, - "vendor_name" : "Dahua Technologies" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@dahuatech.com", + "DATE_PUBLIC": "2017-11-08T00:00:00", + "ID": "CVE-2017-9314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVR50XX, VR52XX, VR54XX, VR58XX", + "version": { + "version_data": [ + { + "version_value": "Versions Build between 2013 and 2017/10" + } + ] + } + } + ] + }, + "vendor_name": "Dahua Technologies" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html", - "refsource" : "CONFIRM", - "url" : "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html", + "refsource": "CONFIRM", + "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9413.json b/2017/9xxx/CVE-2017-9413.json index d43033dbc1f..77cb9263016 100644 --- a/2017/9xxx/CVE-2017-9413.json +++ b/2017/9xxx/CVE-2017-9413.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42118", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42118/" - }, - { - "name" : "http://packetstormsecurity.com/files/142794/Subsonic-6.1.1-Server-Side-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/142794/Subsonic-6.1.1-Server-Side-Request-Forgery.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/142794/Subsonic-6.1.1-Server-Side-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/142794/Subsonic-6.1.1-Server-Side-Request-Forgery.html" + }, + { + "name": "42118", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42118/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9503.json b/2017/9xxx/CVE-2017-9503.json index e35e0069e00..bdadaaa3ae8 100644 --- a/2017/9xxx/CVE-2017-9503.json +++ b/2017/9xxx/CVE-2017-9503.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/06/08/1" - }, - { - "name" : "[qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html" - }, - { - "name" : "[qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html" - }, - { - "name" : 
"[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1459477", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1459477" - }, - { - "name" : "99010", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "[oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/06/08/1" + }, + { + "name": "99010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99010" + }, + { + "name": "[qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1459477", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459477" + }, + { + "name": "[qemu-devel] 20170606 
[PATCH 4/7] megasas: do not read DCMD opcode more than once", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0031.json b/2018/0xxx/CVE-2018-0031.json index d15cfedf707..de270e52480 100644 --- a/2018/0xxx/CVE-2018-0031.json +++ b/2018/0xxx/CVE-2018-0031.json 
@@ -1,228 +1,228 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2018-07-11T16:00:00.000Z", - "ID" : "CVE-2018-0031", - "STATE" : "PUBLIC", - "TITLE" : "Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2018-07-11T16:00:00.000Z", + "ID": "CVE-2018-0031", + "STATE": "PUBLIC", + "TITLE": "Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "SRX Series", + "version_name": "12.1X46", + "version_value": "12.1X46-D76" + }, + { + "affected": "<", + "version_name": "12.3", + "version_value": "12.3R12-S10" + }, + { + "affected": "<", + "platform": "SRX Series", + "version_name": "12.3X48", + "version_value": "12.3X48-D66, 12.3X48-D70" + }, + { + "affected": "<", + "platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100", + "version_name": "14.1X53", + "version_value": "14.1X53-D47" + }, + { + "affected": "<", + "version_name": "15.1", + "version_value": "15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7" + }, + { + "affected": "<", + "platform": "SRX Series", + "version_name": "15.1X49", + "version_value": "15.1X49-D131, 15.1X49-D140" + }, + { + "affected": "<", + "platform": "EX2300, EX3400", + "version_name": "15.1X53", + "version_value": "15.1X53-D59" + }, + { + "affected": "<", + "platform": "QFX10000 Series", + "version_name": "15.1X53", + "version_value": "15.1X53-D67" + }, + { + "affected": "<", + "platform": "QFX5110, QFX5200", + "version_name": "15.1X53", + "version_value": "15.1X53-D233" + }, + { + "affected": "<", + "platform": "NFX150, NFX250", + 
"version_name": "15.1X53", + "version_value": "15.1X53-D471, 15.1X53-D490" + }, + { + "affected": "<", + "version_name": "16.1", + "version_value": "16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7" + }, + { + "affected": "<", + "version_name": "16.2", + "version_value": "16.2R1-S6, 16.2R2-S5, 16.2R3" + }, + { + "affected": "<", + "version_name": "17.1", + "version_value": "17.1R1-S7, 17.1R2-S7, 17.1R3" + }, + { + "affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S6, 17.2R2-S4, 17.2R3" + }, + { + "affected": "<", + "version_name": "17.2X75", + "version_value": "17.2X75-D100" + }, + { + "affected": "<", + "version_name": "17.3", + "version_value": "17.3R1-S4, 17.3R2-S2, 17.3R3" + }, + { + "affected": "<", + "version_name": "17.4", + "version_value": "17.4R1-S3, 17.4R2" + }, + { + "affected": "<", + "version_name": "18.1", + "version_value": "18.1R2" + }, + { + "affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D5" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Internet2" + }, + { + "lang": "eng", + "value": "The Indiana University GlobalNOC" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "SRX Series", - "version_name" : "12.1X46", - "version_value" : "12.1X46-D76" - }, - { - "affected" : "<", - "version_name" : "12.3", - "version_value" : "12.3R12-S10" - }, - { - "affected" : "<", - "platform" : "SRX Series", - "version_name" : "12.3X48", - "version_value" : "12.3X48-D66, 12.3X48-D70" - }, - { - "affected" : "<", - "platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100", - "version_name" : "14.1X53", - "version_value" : "14.1X53-D47" - }, - { - 
"affected" : "<", - "version_name" : "15.1", - "version_value" : "15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7" - }, - { - "affected" : "<", - "platform" : "SRX Series", - "version_name" : "15.1X49", - "version_value" : "15.1X49-D131, 15.1X49-D140" - }, - { - "affected" : "<", - "platform" : "EX2300, EX3400", - "version_name" : "15.1X53", - "version_value" : "15.1X53-D59" - }, - { - "affected" : "<", - "platform" : "QFX10000 Series", - "version_name" : "15.1X53", - "version_value" : "15.1X53-D67" - }, - { - "affected" : "<", - "platform" : "QFX5110, QFX5200", - "version_name" : "15.1X53", - "version_value" : "15.1X53-D233" - }, - { - "affected" : "<", - "platform" : "NFX150, NFX250", - "version_name" : "15.1X53", - "version_value" : "15.1X53-D471, 15.1X53-D490" - }, - { - "affected" : "<", - "version_name" : "16.1", - "version_value" : "16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7" - }, - { - "affected" : "<", - "version_name" : "16.2", - "version_value" : "16.2R1-S6, 16.2R2-S5, 16.2R3" - }, - { - "affected" : "<", - "version_name" : "17.1", - "version_value" : "17.1R1-S7, 17.1R2-S7, 17.1R3" - }, - { - "affected" : "<", - "version_name" : "17.2", - "version_value" : "17.2R1-S6, 17.2R2-S4, 17.2R3" - }, - { - "affected" : "<", - "version_name" : "17.2X75", - "version_value" : "17.2X75-D100" - }, - { - "affected" : "<", - "version_name" : "17.3", - "version_value" : "17.3R1-S4, 17.3R2-S2, 17.3R3" - }, - { - "affected" : "<", - "version_name" : "17.4", - "version_value" : "17.4R1-S3, 17.4R2" - }, - { - "affected" : "<", - "version_name" : "18.1", - "version_value" : "18.1R2" - }, - { - "affected" : "<", - "version_name" : "18.2X75", - "version_value" : "18.2X75-D5" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" + "lang": "eng", + "value": "Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. 
The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2; 18.2X75 versions prior to 18.2X75-D5." } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Internet2" - }, - { - "lang" : "eng", - "value" : "The Indiana University GlobalNOC" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. 
The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2; 18.2X75 versions prior to 18.2X75-D5." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
- } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "LOW", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Firewall bypass" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10865", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10865" - }, - { - "name" : "1041326", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041326" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D76, 12.3X48-D66, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D131, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.2X75-D100, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases.\n" - } - ], - "source" : { - "advisory" : "JSA10865", - "defect" : [ - "1326402" - ], - "discovery" : "EXTERNAL" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "There are no viable workarounds for this issue." - } - ] -} + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Firewall bypass" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10865", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10865" + }, + { + "name": "1041326", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041326" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D76, 12.3X48-D66, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D131, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.2X75-D100, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10865", + "defect": [ + "1326402" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0259.json b/2018/0xxx/CVE-2018-0259.json index e55f08b5dfd..049345f6803 100644 --- a/2018/0xxx/CVE-2018-0259.json +++ b/2018/0xxx/CVE-2018-0259.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco MATE Collector", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco MATE Collector" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvh31222." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco MATE Collector", + "version": { + "version_data": [ + { + "version_value": "Cisco MATE Collector" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE" - }, - { - "name" : "103928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvh31222." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE" + }, + { + "name": "103928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103928" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0401.json b/2018/0xxx/CVE-2018-0401.json index 7a31da1ddd7..d752372a3d6 100644 --- a/2018/0xxx/CVE-2018-0401.json +++ b/2018/0xxx/CVE-2018-0401.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Contact Center Express unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Contact Center Express unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Contact Center Express unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Contact Center Express unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx" - }, - { - "name" : "1041352", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx" + }, + { + "name": "1041352", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041352" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000202.json b/2018/1000xxx/CVE-2018-1000202.json index 9424d878960..c5633c84153 100644 --- a/2018/1000xxx/CVE-2018-1000202.json +++ b/2018/1000xxx/CVE-2018-1000202.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-05T13:57:43.659756", - "DATE_REQUESTED" : "2018-05-09T00:00:00", - "ID" : "CVE-2018-1000202", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Groovy Postbuild Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.3.1 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-05T13:57:43.659756", + "DATE_REQUESTED": "2018-05-09T00:00:00", + "ID": "CVE-2018-1000202", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16179.json b/2018/16xxx/CVE-2018-16179.json index b74df48a297..fa3f4f2d038 100644 --- a/2018/16xxx/CVE-2018-16179.json +++ b/2018/16xxx/CVE-2018-16179.json 
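Review bot: The new side of this hunk replaces the structured product, version, vendor and problem-type values with `n/a`, so the affected product and the weakness class now survive only in the free-text description. Tooling that matches records on `affects` or `problemtype` would no longer associate this entry with the Jenkins plugin or with XSS. If the loss is not intended, the new side should keep `"product_name": "Jenkins Groovy Postbuild Plugin"`, `"version_value": "2.3.1 and older"` and `"value": "CWE-79"`, along with the removed `vendor_name` of `Jenkins project`. The `ASSIGNER` also changes from `kurt@seifried.org` to `cve@mitre.org` in the same hunk, which looks like part of the same sync and is worth confirming against the authoritative record.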
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mizuho Direct App for Android", - "version" : { - "version_data" : [ - { - "version_value" : "version 3.13.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Mizuho Bank, Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to verify SSL certificates" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mizuho Direct App for Android", + "version": { + "version_data": [ + { + "version_value": "version 3.13.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Mizuho Bank, Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jvn.jp/en/vu/JVNVU91640357/index.html", - "refsource" : "MISC", - "url" : "https://jvn.jp/en/vu/JVNVU91640357/index.html" - }, - { - "name" : "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking", - "refsource" : "MISC", - "url" : "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking", + "refsource": "MISC", + "url": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking" + }, + { + "name": "https://jvn.jp/en/vu/JVNVU91640357/index.html", + "refsource": "MISC", + "url": "https://jvn.jp/en/vu/JVNVU91640357/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16713.json b/2018/16xxx/CVE-2018-16713.json index 586f852375f..418eedb9d04 100644 --- a/2018/16xxx/CVE-2018-16713.json +++ b/2018/16xxx/CVE-2018-16713.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://downwithup.github.io/CVEPosts.html", - "refsource" : "MISC", - "url" : "https://downwithup.github.io/CVEPosts.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. 
The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://downwithup.github.io/CVEPosts.html", + "refsource": "MISC", + "url": "https://downwithup.github.io/CVEPosts.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16995.json b/2018/16xxx/CVE-2018-16995.json index 756caa4ea6d..73ee1fda92f 100644 --- a/2018/16xxx/CVE-2018-16995.json +++ b/2018/16xxx/CVE-2018-16995.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16995", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16995", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19036.json b/2018/19xxx/CVE-2018-19036.json index 283286e8a1d..dc76a82be82 100644 --- a/2018/19xxx/CVE-2018-19036.json +++ b/2018/19xxx/CVE-2018-19036.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf", - "refsource" : "CONFIRM", - "url" : "https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. 
A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf", + "refsource": "CONFIRM", + "url": "https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19286.json b/2018/19xxx/CVE-2018-19286.json index 382428abf19..2f7ac1fb6f6 100644 --- a/2018/19xxx/CVE-2018-19286.json +++ b/2018/19xxx/CVE-2018-19286.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/CCCCCrash/POCs/blob/master/Web/mubu/xss.md", - "refsource" : "MISC", - "url" : "https://github.com/CCCCCrash/POCs/blob/master/Web/mubu/xss.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/CCCCCrash/POCs/blob/master/Web/mubu/xss.md", + "refsource": "MISC", + "url": "https://github.com/CCCCCrash/POCs/blob/master/Web/mubu/xss.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19573.json b/2018/19xxx/CVE-2018-19573.json index e532c2656f5..0e3a52190e6 100644 --- a/2018/19xxx/CVE-2018-19573.json +++ b/2018/19xxx/CVE-2018-19573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4097.json b/2018/4xxx/CVE-2018-4097.json index a744d60013d..da659402bc5 100644 --- a/2018/4xxx/CVE-2018-4097.json +++ b/2018/4xxx/CVE-2018-4097.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208465", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208465" - }, - { - "name" : "102785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102785" - }, - { - "name" : "1040267", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the \"Kernel\" component. 
It allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208465", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208465" + }, + { + "name": "102785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102785" + }, + { + "name": "1040267", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040267" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4147.json b/2018/4xxx/CVE-2018-4147.json index d91e78d4740..c547bc60452 100644 --- a/2018/4xxx/CVE-2018-4147.json +++ b/2018/4xxx/CVE-2018-4147.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208465", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208465" - }, - { - "name" : "https://support.apple.com/HT208473", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208473" - }, - { - "name" : "https://support.apple.com/HT208474", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208474" - }, - { - "name" : "https://support.apple.com/HT208475", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208475" - }, - { - "name" : "https://support.apple.com/HT208463", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208473", + "refsource": "MISC", + "url": "https://support.apple.com/HT208473" + }, + { + "name": "https://support.apple.com/HT208474", + "refsource": "MISC", + "url": "https://support.apple.com/HT208474" + }, + { + "name": "https://support.apple.com/HT208475", + "refsource": "MISC", + "url": "https://support.apple.com/HT208475" + }, + { + "name": "https://support.apple.com/HT208465", + "refsource": "MISC", + "url": "https://support.apple.com/HT208465" + }, + { + "name": "https://support.apple.com/HT208463", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208463" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4587.json b/2018/4xxx/CVE-2018-4587.json index 6622ce0fcfc..df5628fa749 100644 --- a/2018/4xxx/CVE-2018-4587.json +++ b/2018/4xxx/CVE-2018-4587.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4587", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4587", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4907.json b/2018/4xxx/CVE-2018-4907.json index 0c39873e8da..4b700bcfbbf 100644 --- a/2018/4xxx/CVE-2018-4907.json +++ b/2018/4xxx/CVE-2018-4907.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "name" : "102996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102996" - }, - { - "name" : "1040364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102996" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" + }, + { + "name": "1040364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040364" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4959.json b/2018/4xxx/CVE-2018-4959.json index dc9cfcc95b7..f2c579628e8 100644 --- a/2018/4xxx/CVE-2018-4959.json +++ b/2018/4xxx/CVE-2018-4959.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" - }, - { - "name" : "104169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104169" - }, - { - "name" : "1040920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104169" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" + }, + { + "name": "1040920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040920" + } + ] + } +} \ No newline at end of file