From 4a4fc9e724e715ec7ede288c577955f4efbf4ce4 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 05:21:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0067.json | 200 +++++++++---------- 2008/0xxx/CVE-2008-0188.json | 34 ++-- 2008/0xxx/CVE-2008-0663.json | 160 +++++++-------- 2008/0xxx/CVE-2008-0670.json | 130 ++++++------ 2008/1xxx/CVE-2008-1164.json | 130 ++++++------ 2008/1xxx/CVE-2008-1738.json | 190 +++++++++--------- 2008/3xxx/CVE-2008-3334.json | 150 +++++++------- 2008/3xxx/CVE-2008-3455.json | 150 +++++++------- 2008/3xxx/CVE-2008-3466.json | 210 +++++++++---------- 2008/3xxx/CVE-2008-3589.json | 160 +++++++-------- 2008/3xxx/CVE-2008-3712.json | 170 ++++++++-------- 2008/3xxx/CVE-2008-3891.json | 130 ++++++------ 2008/4xxx/CVE-2008-4003.json | 160 +++++++-------- 2008/4xxx/CVE-2008-4148.json | 160 +++++++-------- 2008/4xxx/CVE-2008-4339.json | 170 ++++++++-------- 2008/4xxx/CVE-2008-4592.json | 150 +++++++------- 2008/4xxx/CVE-2008-4755.json | 170 ++++++++-------- 2008/4xxx/CVE-2008-4881.json | 150 +++++++------- 2013/2xxx/CVE-2013-2237.json | 310 ++++++++++++++--------------- 2013/2xxx/CVE-2013-2438.json | 150 +++++++------- 2013/2xxx/CVE-2013-2783.json | 120 +++++------ 2013/2xxx/CVE-2013-2882.json | 160 +++++++-------- 2013/2xxx/CVE-2013-2895.json | 230 ++++++++++----------- 2013/3xxx/CVE-2013-3424.json | 130 ++++++------ 2013/3xxx/CVE-2013-3862.json | 130 ++++++------ 2013/6xxx/CVE-2013-6142.json | 120 +++++------ 2013/6xxx/CVE-2013-6295.json | 34 ++-- 2013/6xxx/CVE-2013-6381.json | 190 +++++++++--------- 2013/6xxx/CVE-2013-6474.json | 180 ++++++++--------- 2013/6xxx/CVE-2013-6813.json | 34 ++-- 2013/6xxx/CVE-2013-6961.json | 160 +++++++-------- 2013/7xxx/CVE-2013-7099.json | 34 ++-- 2013/7xxx/CVE-2013-7278.json | 140 ++++++------- 2017/10xxx/CVE-2017-10020.json | 150 +++++++------- 2017/10xxx/CVE-2017-10080.json | 150 +++++++------- 2017/10xxx/CVE-2017-10253.json | 150 +++++++------- 2017/10xxx/CVE-2017-10614.json | 244 +++++++++++------------ 2017/10xxx/CVE-2017-10840.json | 130 
++++++------ 2017/14xxx/CVE-2017-14220.json | 34 ++-- 2017/14xxx/CVE-2017-14244.json | 130 ++++++------ 2017/14xxx/CVE-2017-14765.json | 120 +++++------ 2017/14xxx/CVE-2017-14853.json | 34 ++-- 2017/14xxx/CVE-2017-14875.json | 132 ++++++------ 2017/15xxx/CVE-2017-15883.json | 130 ++++++------ 2017/17xxx/CVE-2017-17116.json | 34 ++-- 2017/17xxx/CVE-2017-17242.json | 34 ++-- 2017/9xxx/CVE-2017-9266.json | 34 ++-- 2017/9xxx/CVE-2017-9472.json | 120 +++++------ 2017/9xxx/CVE-2017-9752.json | 130 ++++++------ 2017/9xxx/CVE-2017-9946.json | 130 ++++++------ 2017/9xxx/CVE-2017-9982.json | 140 ++++++------- 2018/0xxx/CVE-2018-0326.json | 140 ++++++------- 2018/0xxx/CVE-2018-0338.json | 140 ++++++------- 2018/0xxx/CVE-2018-0518.json | 130 ++++++------ 2018/0xxx/CVE-2018-0681.json | 140 ++++++------- 2018/1000xxx/CVE-2018-1000166.json | 37 ++-- 2018/1000xxx/CVE-2018-1000838.json | 136 ++++++------- 2018/16xxx/CVE-2018-16114.json | 34 ++-- 2018/16xxx/CVE-2018-16322.json | 34 ++-- 2018/18xxx/CVE-2018-18849.json | 78 +++++++- 2018/19xxx/CVE-2018-19258.json | 34 ++-- 2018/19xxx/CVE-2018-19918.json | 130 ++++++------ 2018/1xxx/CVE-2018-1101.json | 162 +++++++-------- 2018/4xxx/CVE-2018-4178.json | 34 ++-- 2018/4xxx/CVE-2018-4382.json | 34 ++-- 2018/4xxx/CVE-2018-4410.json | 34 ++-- 2018/4xxx/CVE-2018-4960.json | 140 ++++++------- 67 files changed, 4215 insertions(+), 4144 deletions(-) diff --git a/2008/0xxx/CVE-2008-0067.json b/2008/0xxx/CVE-2008-0067.json index 1054375cfaf..932e5f5350c 100644 --- a/2008/0xxx/CVE-2008-0067.json +++ b/2008/0xxx/CVE-2008-0067.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-0067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499826/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2008-13/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-13/" - }, - { - "name" : "HPSBMA02400", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123247393715913&w=2" - }, - { - "name" : "SSRT080144", - "refsource" : 
"HP", - "url" : "http://marc.info/?l=bugtraq&m=123247393715913&w=2" - }, - { - "name" : "33147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33147" - }, - { - "name" : "1021521", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021521" - }, - { - "name" : "28074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28074" - }, - { - "name" : "4885", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4885" - }, - { - "name" : "8307", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2008-13/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-13/" + }, + { + "name": "HPSBMA02400", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123247393715913&w=2" + }, + { + "name": "1021521", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021521" + }, + { + "name": "33147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33147" + }, + { + "name": "4885", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4885" + }, + { + "name": "20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499826/100/0/threaded" + }, + { + "name": "SSRT080144", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123247393715913&w=2" + }, + { + "name": "8307", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8307" + }, + { + "name": "28074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28074" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0188.json b/2008/0xxx/CVE-2008-0188.json index 833f694dfee..643d8a0627a 100644 --- a/2008/0xxx/CVE-2008-0188.json +++ b/2008/0xxx/CVE-2008-0188.json 
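Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` in this hunk, and as far as the visible lines show it is the only field value that differs. Everything else is a respacing of `"key" : value` to `"key": value` and a reshuffle of the same nine `reference_data` entries. The CVE-2008-3466.json hunk does the same with `secure@microsoft.com`. Because the reattribution sits inside a whole-file rewrite under a generic subject, anyone who filters or trusts records by assigning CNA needs a semantic comparison to notice it. Landing formatting-only rewrites separately from field changes, and emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`), would keep later syncs reviewable. The new side also ends with `\ No newline at end of file`.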
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0188", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-0188", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0663.json b/2008/0xxx/CVE-2008-0663.json index 3617de19a3f..82d6cb2d808 100644 --- a/2008/0xxx/CVE-2008-0663.json +++ b/2008/0xxx/CVE-2008-0663.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html" - }, - { - "name" : "27631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27631" - }, - { - "name" : "ADV-2008-0423", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0423/references" - }, - { - "name" : "1019304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019304" - }, - { - "name" : "28792", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/28792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28792" + }, + { + "name": "ADV-2008-0423", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0423/references" + }, + { + "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html" + }, + { + "name": "1019304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019304" + }, + { + "name": "27631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27631" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0670.json b/2008/0xxx/CVE-2008-0670.json index 6ecf08d26ab..d31995e7d45 100644 --- a/2008/0xxx/CVE-2008-0670.json +++ b/2008/0xxx/CVE-2008-0670.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5081", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5081" - }, - { - "name" : "27691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5081", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5081" + }, + { + "name": "27691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27691" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1164.json b/2008/1xxx/CVE-2008-1164.json index 3bd25468ba5..bd5ede0d200 100644 --- a/2008/1xxx/CVE-2008-1164.json +++ b/2008/1xxx/CVE-2008-1164.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5209", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5209" - }, - { - "name" : "28064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5209", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5209" + }, + { + "name": "28064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28064" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1738.json b/2008/1xxx/CVE-2008-1738.json index 5ebb23af853..f65361bc757 100644 --- a/2008/1xxx/CVE-2008-1738.json +++ b/2008/1xxx/CVE-2008-1738.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080428 CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491405/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/?action=item&id=2249", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=2249" - }, - { - "name" : "28744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28744" - }, - { - "name" : "ADV-2008-1382", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1382" - }, - { - "name" : "1019946", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1019946" - }, - { - "name" : "30007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30007" - }, - { - "name" : "3838", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3838" - }, - { - "name" : "risingantivirus-ssdt-dos(42084)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28744" + }, + { + "name": "3838", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3838" + }, + { + "name": "risingantivirus-ssdt-dos(42084)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42084" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=2249", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=2249" + }, + { + "name": "ADV-2008-1382", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1382" + }, + { + "name": "30007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30007" + }, + { + "name": "20080428 CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491405/100/0/threaded" + }, + { + "name": "1019946", + 
"refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019946" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3334.json b/2008/3xxx/CVE-2008-3334.json index 2c3aae6b558..d9e0fb0b57c 100644 --- a/2008/3xxx/CVE-2008-3334.json +++ b/2008/3xxx/CVE-2008-3334.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://community.mybboard.net/thread-33865.html", - "refsource" : "CONFIRM", - "url" : "http://community.mybboard.net/thread-33865.html" - }, - { - "name" : "30401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30401" - }, - { - "name" : "31216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31216" - }, - { - "name" : "mybb-unspecified-xss(44034)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows 
remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31216" + }, + { + "name": "30401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30401" + }, + { + "name": "http://community.mybboard.net/thread-33865.html", + "refsource": "CONFIRM", + "url": "http://community.mybboard.net/thread-33865.html" + }, + { + "name": "mybb-unspecified-xss(44034)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44034" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3455.json b/2008/3xxx/CVE-2008-3455.json index df3edc6e20d..c05ac10416d 100644 --- a/2008/3xxx/CVE-2008-3455.json +++ b/2008/3xxx/CVE-2008-3455.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6160", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6160" - }, - { - "name" : "30428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30428" - }, - { - "name" : "4106", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4106" - }, - { - "name" : "phphostingdirectory-admin-file-include(44108)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 
allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30428" + }, + { + "name": "phphostingdirectory-admin-file-include(44108)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44108" + }, + { + "name": "4106", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4106" + }, + { + "name": "6160", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6160" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3466.json b/2008/3xxx/CVE-2008-3466.json index 13f5ad3e60f..1f26a26e3f8 100644 --- a/2008/3xxx/CVE-2008-3466.json +++ b/2008/3xxx/CVE-2008-3466.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka \"HIS Command Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-3466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081014 Microsoft Host Integration Server 2006 Command Execution Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745" - }, - { - "name" : "HPSBST02379", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "SSRT080143", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "MS08-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059" - }, - 
{ - "name" : "TA08-288A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" - }, - { - "name" : "31620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31620" - }, - { - "name" : "oval:org.mitre.oval:def:6075", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075" - }, - { - "name" : "ADV-2008-2810", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2810" - }, - { - "name" : "1021043", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021043" - }, - { - "name" : "32233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka \"HIS Command Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2810", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2810" + }, + { + "name": "20081014 Microsoft Host Integration Server 2006 Command Execution Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745" + }, + { + "name": "31620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31620" + }, + { + "name": "SSRT080143", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "32233", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32233" + }, + { + "name": "HPSBST02379", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "MS08-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059" + }, + { + "name": "TA08-288A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" + }, + { + "name": "1021043", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021043" + }, + { + "name": "oval:org.mitre.oval:def:6075", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3589.json b/2008/3xxx/CVE-2008-3589.json index c8b298c4939..1119bd51ec9 100644 --- a/2008/3xxx/CVE-2008-3589.json +++ b/2008/3xxx/CVE-2008-3589.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6194", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6194" - }, - { - "name" : "30526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30526" - }, - { - "name" : "31327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31327" - }, - { - "name" : "4136", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4136" - }, - { - "name" : "mozilocms-download-directory-traversal(44162)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4136", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4136" + }, + { + "name": "6194", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6194" + }, + { + "name": "mozilocms-download-directory-traversal(44162)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44162" + }, + { + "name": "30526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30526" + }, + { + "name": "31327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31327" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3712.json b/2008/3xxx/CVE-2008-3712.json index d92280022a2..aec7b04c704 100644 --- a/2008/3xxx/CVE-2008-3712.json +++ b/2008/3xxx/CVE-2008-3712.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080815 Mambo 4.6.2 Full Version - Multiple Cross Site Scripting - By Khashayar Fereidani", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495507/100/0/threaded" - }, - { - "name" : "30708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30708" - }, - { - "name" : "31528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31528" - }, - { - "name" : "4164", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4164" - }, - { - "name" : 
"mambo-connectorphp-xss(44502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44502" - }, - { - "name" : "mambo-index3pop-xss(44503)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31528" + }, + { + "name": "mambo-connectorphp-xss(44502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44502" + }, + { + "name": "mambo-index3pop-xss(44503)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44503" + }, + { + "name": "20080815 Mambo 4.6.2 Full Version - Multiple Cross Site Scripting - By Khashayar Fereidani", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495507/100/0/threaded" + }, + { + "name": "30708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30708" + }, + { + "name": "4164", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4164" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3891.json b/2008/3xxx/CVE-2008-3891.json index dfacfee9a6a..bb0e2584a8b 100644 --- a/2008/3xxx/CVE-2008-3891.json 
+++ b/2008/3xxx/CVE-2008-3891.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MIMG-7FQGWU", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MIMG-7FQGWU" - }, - { - "name" : "VU#612636", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/612636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/MIMG-7FQGWU", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MIMG-7FQGWU" + }, + { + "name": "VU#612636", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/612636" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4003.json b/2008/4xxx/CVE-2008-4003.json index db530647382..1604bd9398f 100644 --- a/2008/4xxx/CVE-2008-4003.json +++ b/2008/4xxx/CVE-2008-4003.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-4003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" - }, - { - "name" : "ADV-2008-2825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2825" - }, - { - "name" : "1021055", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021055" - }, - { - "name" : "32291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32291" - }, - { - "name" : "oracle-peoplesoft-peopletool-info-disclosure(45905)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45905" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" + }, + { + "name": "32291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32291" + }, + { + "name": "oracle-peoplesoft-peopletool-info-disclosure(45905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45905" + }, + { + "name": "1021055", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021055" + }, + { + "name": "ADV-2008-2825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2825" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4148.json b/2008/4xxx/CVE-2008-4148.json index e290e8704fa..88641484908 100644 --- a/2008/4xxx/CVE-2008-4148.json +++ b/2008/4xxx/CVE-2008-4148.json 
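Review bot: The new `"ASSIGNER": "secalert_us@oracle.com"` line in the CVE-2008-4003 hunk is a semantic change inside a hunk that otherwise only changes whitespace and the order of `reference_data`, and the commit subject does not record it; the CVE-2013-2237 hunk does the same with `secalert@redhat.com`. The record now attributes assignment to Oracle while `vendor_name`, `product_name` and `version_value` are still `n/a`, although the description names Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14. Tooling that matches on the `affects` block will not find this entry, so either populate it from the description (for example `"vendor_name": "Oracle"`) or state the assigner change in the commit message so that consumers comparing records can tell provenance updates from formatting noise.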
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/309769", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/309769" - }, - { - "name" : "31230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31230" - }, - { - "name" : "31877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31877" - }, - { - "name" : "ADV-2008-2616", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2616" - }, - { - "name" : "mailhandler-unspecified-sql-injection(45216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2616", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2616" + }, + { + "name": "31230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31230" + }, + { + "name": "mailhandler-unspecified-sql-injection(45216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45216" + }, + { + "name": "31877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31877" + }, + { + "name": "http://drupal.org/node/309769", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/309769" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4339.json b/2008/4xxx/CVE-2008-4339.json index 1b8a09046a2..69810f3ee09 100644 --- a/2008/4xxx/CVE-2008-4339.json +++ b/2008/4xxx/CVE-2008-4339.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to \"bpjava* binaries.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/avcenter/security/Content/2008.09.24a.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2008.09.24a.html" - }, - { - "name" : "239908", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239908-1" - }, - { - "name" : "31221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31221" - }, - { - "name" : "ADV-2008-2672", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2672" - }, - { - "name" : "1020928", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1020928" - }, - { - "name" : "veritas-netbackup-jnbsa-privilege-escalation(45386)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to \"bpjava* binaries.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "239908", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239908-1" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2008.09.24a.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2008.09.24a.html" + }, + { + "name": "31221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31221" + }, + { + "name": "1020928", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020928" + }, + { + "name": "ADV-2008-2672", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2672" + }, + { + "name": "veritas-netbackup-jnbsa-privilege-escalation(45386)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45386" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4592.json b/2008/4xxx/CVE-2008-4592.json index c44ba02dc5f..2e6d09dc82a 100644 --- a/2008/4xxx/CVE-2008-4592.json +++ b/2008/4xxx/CVE-2008-4592.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6427", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6427" - }, - { - "name" : "ADV-2008-2550", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2550" - }, - { - "name" : "4423", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4423" - }, - { - "name" : "sportsclubs-index-file-include(45062)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows 
remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6427", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6427" + }, + { + "name": "sportsclubs-index-file-include(45062)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45062" + }, + { + "name": "ADV-2008-2550", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2550" + }, + { + "name": "4423", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4423" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4755.json b/2008/4xxx/CVE-2008-4755.json index c34aa1da295..862a9655615 100644 --- a/2008/4xxx/CVE-2008-4755.json +++ b/2008/4xxx/CVE-2008-4755.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6839", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6839" - }, - { - "name" : "31925", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31925" - }, - { - "name" : "ADV-2008-2923", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2923" - }, - { - "name" : "32373", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32373" - }, - { - "name" : "4521", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4521" - }, - { - "name" : "classifiedauctions-gotourl-sql-injection(46112)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2923", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2923" + }, + { + "name": "4521", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4521" + }, + { + "name": "classifiedauctions-gotourl-sql-injection(46112)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46112" + }, + { + "name": "31925", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31925" + }, + { + "name": "32373", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32373" + }, + { + "name": "6839", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6839" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4881.json b/2008/4xxx/CVE-2008-4881.json index 8462d57f71b..ec474e5fa1a 100644 --- a/2008/4xxx/CVE-2008-4881.json +++ b/2008/4xxx/CVE-2008-4881.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6943", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6943" - }, - { - "name" : "32061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32061" - }, - { - "name" : "49593", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49593" - }, - { - "name" : "32504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32061" + }, + { + "name": "49593", + "refsource": "OSVDB", + "url": "http://osvdb.org/49593" + }, + { + "name": "6943", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6943" + }, + { + "name": "32504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32504" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2237.json b/2013/2xxx/CVE-2013-2237.json index ae0f5ed35c3..eba8b2385a6 100644 --- a/2013/2xxx/CVE-2013-2237.json +++ b/2013/2xxx/CVE-2013-2237.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130703 Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/04/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=85dfb745ee40232876663ae206cba35f24ab2a40", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=85dfb745ee40232876663ae206cba35f24ab2a40" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=981220", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=981220" - }, - { - "name" : "https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2" - }, - { - "name" : "DSA-2766", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2766" - }, - { - "name" : "RHSA-2013:1166", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1166.html" - }, - { - "name" : "RHSA-2013:1173", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1173.html" - }, - { - "name" : "SUSE-SU-2013:1473", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1474", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html" - }, - { - "name" : "openSUSE-SU-2013:1971", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" - }, - { - "name" : "USN-1912-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1912-1" - }, - { - "name" : "USN-1913-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1913-1" - }, - { - "name" : "USN-1970-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1970-1" - }, - { - "name" : "USN-1972-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1972-1" - }, - { - "name" : "USN-1973-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1973-1" - }, - { - "name" : "USN-1992-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1992-1" - }, - { - "name" : "USN-1993-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-1993-1" - }, - { - "name" : "USN-1995-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1995-1" - }, - { - "name" : "USN-1998-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1998-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1970-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1970-1" + }, + { + "name": "RHSA-2013:1166", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html" + }, + { + "name": "[oss-security] 20130703 Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/04/3" + }, + { + "name": "USN-1913-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1913-1" + }, + { + "name": "SUSE-SU-2013:1473", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html" + }, + { + "name": "USN-1995-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1995-1" + }, + { + "name": "RHSA-2013:1173", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1173.html" + }, + { + "name": "DSA-2766", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2766" + }, + { + "name": "openSUSE-SU-2013:1971", + "refsource": "SUSE", + 
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=981220", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981220" + }, + { + "name": "USN-1998-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1998-1" + }, + { + "name": "SUSE-SU-2013:1474", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html" + }, + { + "name": "USN-1973-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1973-1" + }, + { + "name": "USN-1992-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1992-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=85dfb745ee40232876663ae206cba35f24ab2a40", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=85dfb745ee40232876663ae206cba35f24ab2a40" + }, + { + "name": "USN-1993-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1993-1" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2" + }, + { + "name": "USN-1912-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1912-1" + }, + { + "name": "USN-1972-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1972-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2438.json b/2013/2xxx/CVE-2013-2438.json index bed5abf8fea..e5dad9a1a40 100644 --- a/2013/2xxx/CVE-2013-2438.json +++ b/2013/2xxx/CVE-2013-2438.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" - }, - { - "name" : "RHSA-2013:0757", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" - }, - { - "name" : "TA13-107A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" - }, - { - "name" : "oval:org.mitre.oval:def:16618", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-107A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A" + }, + { + "name": "RHSA-2013:0757", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html" + }, + { + "name": "oval:org.mitre.oval:def:16618", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16618" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2783.json b/2013/2xxx/CVE-2013-2783.json index 730488db900..f7a6b0c7230 100644 --- a/2013/2xxx/CVE-2013-2783.json +++ b/2013/2xxx/CVE-2013-2783.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers to cause a denial of service (infinite loop) or obtain unspecified control via crafted data to TCP port 20000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-2783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-161-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-161-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers to cause a denial of service (infinite loop) or obtain unspecified control via crafted data to TCP port 20000." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-161-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-161-01" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2882.json b/2013/2xxx/CVE-2013-2882.json index 2d1b90bcb61..e590cf70341 100644 --- a/2013/2xxx/CVE-2013-2882.json +++ b/2013/2xxx/CVE-2013-2882.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=260106", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=260106" - }, - { - "name" : "DSA-2732", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2732" - }, - { - "name" : "RHSA-2013:1201", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1201.html" - }, - { - "name" : "oval:org.mitre.oval:def:17329", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1201", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1201.html" + }, + { + "name": "DSA-2732", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2732" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=260106", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=260106" + }, + { + "name": "oval:org.mitre.oval:def:17329", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2895.json b/2013/2xxx/CVE-2013-2895.json index e920ccda566..2a56458c1e6 100644 --- a/2013/2xxx/CVE-2013-2895.json +++ b/2013/2xxx/CVE-2013-2895.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-input] 20130828 [PATCH 09/14] HID: logitech-dj: validate output report details", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-input&m=137772188314631&w=1" - }, - { - "name" : "[oss-security] 20130828 Linux HID security flaws", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/08/28/13" - }, - { - "name" : "RHSA-2013:1490", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1490.html" - }, - { - "name" : "USN-2019-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2019-1" - }, - { - "name" : 
"USN-2020-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2020-1" - }, - { - "name" : "USN-2021-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2021-1" - }, - { - "name" : "USN-2022-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2022-1" - }, - { - "name" : "USN-2023-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2023-1" - }, - { - "name" : "USN-2024-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2024-1" - }, - { - "name" : "USN-2038-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2038-1" - }, - { - "name" : "USN-2039-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2039-1" - }, - { - "name" : "USN-2050-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2050-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2024-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2024-1" + }, + { + "name": "RHSA-2013:1490", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html" + }, + { + "name": "USN-2039-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2039-1" + }, + { + "name": "USN-2022-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2022-1" + }, + { + "name": "[oss-security] 20130828 Linux HID security flaws", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/08/28/13" + }, + { + "name": "USN-2038-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2038-1" + }, + { + "name": "USN-2020-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2020-1" + }, + { + "name": "USN-2021-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2021-1" + }, + { + "name": "USN-2019-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2019-1" + }, + { + "name": "USN-2023-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2023-1" + }, + { + "name": "USN-2050-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2050-1" + }, + { + "name": "[linux-input] 20130828 [PATCH 09/14] HID: logitech-dj: validate output report details", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-input&m=137772188314631&w=1" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3424.json b/2013/3xxx/CVE-2013-3424.json index 7abdbac8216..ac5c0386421 100644 --- a/2013/3xxx/CVE-2013-3424.json +++ b/2013/3xxx/CVE-2013-3424.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130712 Cisco Secure Access Control System Admin/View Page Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3424" - }, - { - "name" : "cisco-acs-cve20133424-csrf(85625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack 
the authentication of arbitrary users, aka Bug ID CSCud75177." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130712 Cisco Secure Access Control System Admin/View Page Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3424" + }, + { + "name": "cisco-acs-cve20133424-csrf(85625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85625" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3862.json b/2013/3xxx/CVE-2013-3862.json index 0c60691b601..7a834059294 100644 --- a/2013/3xxx/CVE-2013-3862.json +++ b/2013/3xxx/CVE-2013-3862.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager (SCM), aka \"Service Control Manager Double Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-077", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-077" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager 
(SCM), aka \"Service Control Manager Double Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-077", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-077" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6142.json b/2013/6xxx/CVE-2013-6142.json index 47275a9df50..695a7bf07ec 100644 --- a/2013/6xxx/CVE-2013-6142.json +++ b/2013/6xxx/CVE-2013-6142.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-6142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6295.json b/2013/6xxx/CVE-2013-6295.json index 322a33a672a..e012d0df0ed 100644 --- a/2013/6xxx/CVE-2013-6295.json +++ b/2013/6xxx/CVE-2013-6295.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6295", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6295", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6381.json b/2013/6xxx/CVE-2013-6381.json index 7c598ecf674..b04e53b9be6 100644 --- a/2013/6xxx/CVE-2013-6381.json +++ b/2013/6xxx/CVE-2013-6381.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131122 Linux kernel CVE fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/22/5" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fb392b1a63ae36c31f62bc3fc8630b49d602b62", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fb392b1a63ae36c31f62bc3fc8630b49d602b62" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1033600", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1033600" - }, - { - 
"name" : "https://github.com/torvalds/linux/commit/6fb392b1a63ae36c31f62bc3fc8630b49d602b62", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/6fb392b1a63ae36c31f62bc3fc8630b49d602b62" - }, - { - "name" : "RHSA-2014:0159", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0159.html" - }, - { - "name" : "RHSA-2014:0284", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0284.html" - }, - { - "name" : "RHSA-2014:0285", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0285.html" - }, - { - "name" : "63890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0159", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0159.html" + }, + { + "name": "RHSA-2014:0285", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0285.html" + }, + { + "name": "[oss-security] 20131122 Linux kernel CVE fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/22/5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1033600", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033600" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fb392b1a63ae36c31f62bc3fc8630b49d602b62", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fb392b1a63ae36c31f62bc3fc8630b49d602b62" + }, + { + "name": "63890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63890" + }, + { + "name": "RHSA-2014:0284", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0284.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/6fb392b1a63ae36c31f62bc3fc8630b49d602b62", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/6fb392b1a63ae36c31f62bc3fc8630b49d602b62" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6474.json b/2013/6xxx/CVE-2013-6474.json index 900c1f87c4f..844a5fe63aa 100644 --- a/2013/6xxx/CVE-2013-6474.json +++ b/2013/6xxx/CVE-2013-6474.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176", - "refsource" : "CONFIRM", - "url" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1027548", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1027548" - }, - { - "name" : "DSA-2875", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2875" - }, - { - "name" : "DSA-2876", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2876" - }, - { - "name" : "USN-2143-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2143-1" - }, - { - "name" : "USN-2144-1", - "refsource" 
: "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2144-1" - }, - { - "name" : "66163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2144-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2144-1" + }, + { + "name": "DSA-2876", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2876" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1027548", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027548" + }, + { + "name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176", + "refsource": "CONFIRM", + "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176" + }, + { + "name": "USN-2143-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2143-1" + }, + { + "name": "DSA-2875", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2875" + }, + { + "name": "66163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66163" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6813.json b/2013/6xxx/CVE-2013-6813.json index c9b07bdfd73..8d2097685ac 100644 --- a/2013/6xxx/CVE-2013-6813.json +++ b/2013/6xxx/CVE-2013-6813.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6813", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6813", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6961.json b/2013/6xxx/CVE-2013-6961.json index 78d1bf57840..9a9b5121ebd 100644 --- a/2013/6xxx/CVE-2013-6961.json +++ b/2013/6xxx/CVE-2013-6961.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131212 Cisco WebEx Collaboration Partner Access Console Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6961" - }, - { - "name" : "64288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64288" - }, - { - "name" : "100905", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100905" - }, - { - "name" : "1029494", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029494" - }, - { - "name" : "cisco-webex-cve20136961-xss(89696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89696" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-webex-cve20136961-xss(89696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89696" + }, + { + "name": "64288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64288" + }, + { + "name": "1029494", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029494" + }, + { + "name": "20131212 Cisco WebEx Collaboration Partner Access Console Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6961" + }, + { + "name": "100905", + "refsource": "OSVDB", + "url": "http://osvdb.org/100905" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7099.json b/2013/7xxx/CVE-2013-7099.json index 95b8d7c0b45..4e240cfe74c 100644 --- a/2013/7xxx/CVE-2013-7099.json +++ b/2013/7xxx/CVE-2013-7099.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7099", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7099", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7278.json b/2013/7xxx/CVE-2013-7278.json index 9780cafaf4f..f7bf38c440b 100644 --- a/2013/7xxx/CVE-2013-7278.json +++ b/2013/7xxx/CVE-2013-7278.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124624", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124624" - }, - { - "name" : "64572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64572" - }, - { - "name" : "cmsafroditi-id-sql-injection(89988)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/124624", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124624" + }, + { + "name": "cmsafroditi-id-sql-injection(89988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89988" + }, + { + "name": "64572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64572" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10020.json b/2017/10xxx/CVE-2017-10020.json index a5485a62b38..9541f570ef1 100644 --- a/2017/10xxx/CVE-2017-10020.json +++ b/2017/10xxx/CVE-2017-10020.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99825" - }, - { - "name" : "1038932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99825" + }, + { + "name": "1038932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038932" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10080.json b/2017/10xxx/CVE-2017-10080.json index 0b1806c2dc2..afe35e66520 100644 --- a/2017/10xxx/CVE-2017-10080.json +++ b/2017/10xxx/CVE-2017-10080.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Agile PLM Framework", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.3.5" - }, - { - "version_affected" : "=", - "version_value" : "9.3.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Agile PLM Framework", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.3.5" + }, + { + "version_affected": "=", + "version_value": "9.3.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99669", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99669" - }, - { - "name" : "1038947", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99669", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99669" + }, + { + "name": "1038947", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038947" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10253.json b/2017/10xxx/CVE-2017-10253.json index 1cdfc78c9d9..1bcb9d17594 100644 --- a/2017/10xxx/CVE-2017-10253.json +++ b/2017/10xxx/CVE-2017-10253.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pivot Grid). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99773" - }, - { - "name" : "1038932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pivot Grid). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038932" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "99773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99773" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10614.json b/2017/10xxx/CVE-2017-10614.json index 6bf8659c68e..b7f955812af 100644 --- a/2017/10xxx/CVE-2017-10614.json 
+++ b/2017/10xxx/CVE-2017-10614.json 
@@ -1,124 +1,124 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2017-10-11T09:00", - "ID" : "CVE-2017-10614", - "STATE" : "PUBLIC", - "TITLE" : "Junos OS: A remote unauthenticated attacker can consume large amounts of CPU and/or memory through telnetd" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "platform" : "", - "version_value" : "12.1X46 prior to 12.1X46-D45" - }, - { - "platform" : "", - "version_value" : "12.3X48 prior to 12.3X48-D30" - }, - { - "platform" : "", - "version_value" : "14.1 prior to 14.1R4-S9, 14.1R8" - }, - { - "platform" : "", - "version_value" : "14.2 prior to 14.2R6" - }, - { - "platform" : "", - "version_value" : "15.1 prior to 15.1F5, 15.1R3" - }, - { - "platform" : "", - "version_value" : "15.1X49 prior to 15.1X49-D40" - }, - { - "platform" : "", - "version_value" : "15.1X53 prior to 15.1X53-D47, 15.1X53-D232" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [ - { - "lang" : "eng", - "value" : "This issue only affects systems with telnet enabled, and is disabled by default." - } - ], - "credit" : [], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D232, 15.1X53-D47." 
- } - ] - }, - "exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 5.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "resource consumption" - }, - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2017-10-11T09:00", + "ID": "CVE-2017-10614", + "STATE": "PUBLIC", + "TITLE": "Junos OS: A remote unauthenticated attacker can consume large amounts of CPU and/or memory through telnetd" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "", + "version_value": "12.1X46 prior to 12.1X46-D45" + }, + { + "platform": "", + "version_value": "12.3X48 prior to 12.3X48-D30" + }, + { + "platform": "", + "version_value": "14.1 prior to 14.1R4-S9, 14.1R8" + }, + { + "platform": "", + "version_value": "14.2 prior to 14.2R6" + }, + { + "platform": "", + "version_value": "15.1 prior to 15.1F5, 15.1R3" + }, + { + "platform": "", + "version_value": "15.1X49 prior to 15.1X49-D40" + }, + { + "platform": "", + "version_value": "15.1X53 prior to 15.1X53-D47, 15.1X53-D232" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10817", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10817" - } - ] - }, - "solution" : "The following software releases have been 
updated to resolve this specific issue: 12.1X46-D45, 12.3X48-D30, 14.1R4-S9, 14.1R8, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D232, 15.1X53-D47, 16.1R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1108483 and and is visible on the Customer Support website.\n", - "work_around" : [ - { - "lang" : "eng", - "value" : "Disable telnet services.\n\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts." - } - ] -} + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue only affects systems with telnet enabled, and is disabled by default." + } + ], + "credit": [], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D232, 15.1X53-D47." 
+ } + ] + }, + "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "resource consumption" + }, + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10817", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10817" + } + ] + }, + "solution": "The following software releases have been updated to resolve this specific issue: 12.1X46-D45, 12.3X48-D30, 14.1R4-S9, 14.1R8, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D232, 15.1X53-D47, 16.1R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1108483 and and is visible on the Customer Support website.\n", + "work_around": [ + { + "lang": "eng", + "value": "Disable telnet services.\n\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts." + } + ] +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10840.json b/2017/10xxx/CVE-2017-10840.json index 2ef7dbcd801..d996fc5c409 100644 --- a/2017/10xxx/CVE-2017-10840.json +++ b/2017/10xxx/CVE-2017-10840.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebCalendar", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.7 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "k5n.us" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCalendar", + "version": { + "version_data": [ + { + "version_value": "1.2.7 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "k5n.us" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8", - "refsource" : "MISC", - "url" : "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8" - }, - { - "name" : "JVN#23340457", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN23340457/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#23340457", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN23340457/index.html" + }, + { + "name": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8", + "refsource": "MISC", + "url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14220.json b/2017/14xxx/CVE-2017-14220.json index 5f671036b9a..c4078ae9a4d 100644 --- a/2017/14xxx/CVE-2017-14220.json +++ b/2017/14xxx/CVE-2017-14220.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14220", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14220", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14244.json b/2017/14xxx/CVE-2017-14244.json index 8f65bf15f2b..662c9227876 100644 --- a/2017/14xxx/CVE-2017-14244.json +++ b/2017/14xxx/CVE-2017-14244.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42740", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42740/" - }, - { - "name" : "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass", - "refsource" : "MISC", - "url" : "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices 
potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass", + "refsource": "MISC", + "url": "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass" + }, + { + "name": "42740", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42740/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14765.json b/2017/14xxx/CVE-2017-14765.json index 31ce3e5310a..07c126c5f01 100644 --- a/2017/14xxx/CVE-2017-14765.json +++ b/2017/14xxx/CVE-2017-14765.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/", - "refsource" : "MISC", - "url" : "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/", + "refsource": "MISC", + "url": "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14853.json b/2017/14xxx/CVE-2017-14853.json index af1580fde30..a24c6fe34f0 100644 --- a/2017/14xxx/CVE-2017-14853.json +++ b/2017/14xxx/CVE-2017-14853.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14853", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14853", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14875.json b/2017/14xxx/CVE-2017-14875.json index 12d66f64f40..be4cbcbb67d 100644 --- a/2017/14xxx/CVE-2017-14875.json +++ b/2017/14xxx/CVE-2017-14875.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-26T00:00:00", - "ID" : "CVE-2017-14875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Array Index in Camera" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-26T00:00:00", + "ID": "CVE-2017-14875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15883.json b/2017/15xxx/CVE-2017-15883.json index ca186126bf4..8c72bb82e76 100644 --- a/2017/15xxx/CVE-2017-15883.json +++ b/2017/15xxx/CVE-2017-15883.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/", - "refsource" : "MISC", - "url" : "https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/" - }, - { - "name" : "https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883", - "refsource" : "CONFIRM", - "url" : "https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sitefinity 5.1, 
5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/", + "refsource": "MISC", + "url": "https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/" + }, + { + "name": "https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883", + "refsource": "CONFIRM", + "url": "https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17116.json b/2017/17xxx/CVE-2017-17116.json index 1f49e0cdc88..595f4c4dfbf 100644 --- a/2017/17xxx/CVE-2017-17116.json +++ b/2017/17xxx/CVE-2017-17116.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17116", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17116", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17242.json b/2017/17xxx/CVE-2017-17242.json index 360b871493e..cb69f38edf2 100644 --- a/2017/17xxx/CVE-2017-17242.json +++ b/2017/17xxx/CVE-2017-17242.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17242", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17242", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9266.json b/2017/9xxx/CVE-2017-9266.json index e276c2234a2..e57a627c9df 100644 --- a/2017/9xxx/CVE-2017-9266.json +++ b/2017/9xxx/CVE-2017-9266.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9266", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9266", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9472.json b/2017/9xxx/CVE-2017-9472.json index eb19b490de7..960ea6631b9 100644 --- a/2017/9xxx/CVE-2017-9472.json +++ b/2017/9xxx/CVE-2017-9472.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9752.json b/2017/9xxx/CVE-2017-9752.json index d2eb99ad01c..5c3ad0cb852 100644 --- a/2017/9xxx/CVE-2017-9752.json +++ b/2017/9xxx/CVE-2017-9752.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21589", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" - }, - { - "name" : "99122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in 
GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99122" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21589", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9946.json b/2017/9xxx/CVE-2017-9946.json index d37df21c3c3..1ae79600ad6 100644 --- a/2017/9xxx/CVE-2017-9946.json +++ b/2017/9xxx/CVE-2017-9946.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2017-9946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "APOGEE PXC and TALON TC BACnet Automation Controllers All versions