diff --git a/2008/0xxx/CVE-2008-0123.json b/2008/0xxx/CVE-2008-0123.json
index 4b051e8e7d6..c7aa0241b99 100644
--- a/2008/0xxx/CVE-2008-0123.json
+++ b/2008/0xxx/CVE-2008-0123.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080111 Cross site scripting (XSS) in Moodle 1.8.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486198/100/0/threaded" - }, - { - "name" : "20080111 Cross site scripting (XSS) in Moodle 1.8.3", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0202.html" - }, - { - "name" : "http://int21.de/cve/CVE-2008-0123-moodle.html", - "refsource" : "MISC", - "url" : "http://int21.de/cve/CVE-2008-0123-moodle.html" - }, - { - "name" : "SUSE-SR:2008:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html" - }, - { - 
"name" : "27259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27259" - }, - { - "name" : "ADV-2008-0164", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0164" - }, - { - "name" : "28838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28838" - }, - { - "name" : "moodle-install-xss(39630)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080111 Cross site scripting (XSS) in Moodle 1.8.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486198/100/0/threaded" + }, + { + "name": "http://int21.de/cve/CVE-2008-0123-moodle.html", + "refsource": "MISC", + "url": "http://int21.de/cve/CVE-2008-0123-moodle.html" + }, + { + "name": "27259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27259" + }, + { + "name": "moodle-install-xss(39630)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39630" + }, + { + "name": "20080111 Cross site scripting (XSS) in Moodle 1.8.3", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0202.html" + }, + { + "name": "ADV-2008-0164", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0164" + }, + { + "name": "28838", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/28838" + }, + { + "name": "SUSE-SR:2008:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0544.json b/2008/0xxx/CVE-2008-0544.json index 751e4779aa6..6b68e06a3be 100644 --- a/2008/0xxx/CVE-2008-0544.json +++ b/2008/0xxx/CVE-2008-0544.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080213 rPSA-2008-0061-1 SDL_image", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488079/100/0/threaded" - }, - { - "name" : "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341&r2=3521", - "refsource" : "CONFIRM", - "url" : "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341&r2=3521" - }, - { - "name" : "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521&view=markup", - "refsource" : "CONFIRM", - "url" : "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521&view=markup" - }, - { - "name" : 
"http://bugs.gentoo.org/show_bug.cgi?id=207933", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=207933" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0061", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0061" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2206", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2206" - }, - { - "name" : "DSA-1493", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1493" - }, - { - "name" : "FEDORA-2008-1208", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html" - }, - { - "name" : "FEDORA-2008-1231", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html" - }, - { - "name" : "GLSA-200802-01", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml" - }, - { - "name" : "MDVSA-2008:040", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040" - }, - { - "name" : "USN-595-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-595-1" - }, - { - "name" : "27435", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27435" - }, - { - "name" : "ADV-2008-0266", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0266" - }, - { - "name" : "28640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28640" - }, - { - "name" : "28850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28850" - }, - { - "name" : "28830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28830" - }, - { - "name" : "28752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28752" - }, - { - "name" : "28869", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/28869" - }, - { - "name" : "29542", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29542" - }, - { - "name" : "sdlimage-imgloadlbmrw-bo(39899)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27435", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27435" + }, + { + "name": "28869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28869" + }, + { + "name": "28850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28850" + }, + { + "name": "FEDORA-2008-1208", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html" + }, + { + "name": "28752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28752" + }, + { + "name": "sdlimage-imgloadlbmrw-bo(39899)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39899" + }, + { + "name": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341&r2=3521", + "refsource": "CONFIRM", + "url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341&r2=3521" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2206", + "refsource": "CONFIRM", + "url": 
"https://issues.rpath.com/browse/RPL-2206" + }, + { + "name": "FEDORA-2008-1231", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=207933", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=207933" + }, + { + "name": "29542", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29542" + }, + { + "name": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521&view=markup", + "refsource": "CONFIRM", + "url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521&view=markup" + }, + { + "name": "DSA-1493", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1493" + }, + { + "name": "28640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28640" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0061", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061" + }, + { + "name": "20080213 rPSA-2008-0061-1 SDL_image", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded" + }, + { + "name": "28830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28830" + }, + { + "name": "GLSA-200802-01", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml" + }, + { + "name": "USN-595-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-595-1" + }, + { + "name": "ADV-2008-0266", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0266" + }, + { + "name": "MDVSA-2008:040", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0655.json b/2008/0xxx/CVE-2008-0655.json index b761512c6c0..bb58cd25eda 100644 --- a/2008/0xxx/CVE-2008-0655.json 
+++ b/2008/0xxx/CVE-2008-0655.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1" - }, - { - "name" : "http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.html", - "refsource" : "CONFIRM", - "url" : "http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.html" - }, - { - "name" : "http://www.adobe.com/support/security/advisories/apsa08-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/advisories/apsa08-01.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-13.html" - }, - { - "name" : 
"GLSA-200803-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-01.xml" - }, - { - "name" : "RHSA-2008:0144", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0144.html" - }, - { - "name" : "239286", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1" - }, - { - "name" : "SUSE-SA:2008:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html" - }, - { - "name" : "TA08-043A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-043A.html" - }, - { - "name" : "27641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27641" - }, - { - "name" : "oval:org.mitre.oval:def:10299", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10299" - }, - { - "name" : "ADV-2008-0425", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0425" - }, - { - "name" : "ADV-2008-1966", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1966/references" - }, - { - "name" : "1019346", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019346" - }, - { - "name" : "28802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28802" - }, - { - "name" : "28851", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28851" - }, - { - "name" : "28983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28983" - }, - { - "name" : "29065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29065" - }, - { - "name" : "29205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29205" - }, - { - "name" : "30840", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2008:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html" + }, + { + "name": "1019346", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019346" + }, + { + "name": "TA08-043A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-043A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-13.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-13.html" + }, + { + "name": "ADV-2008-1966", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1966/references" + }, + { + "name": "28851", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28851" + }, + { + "name": "http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.html", + "refsource": "CONFIRM", + "url": "http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.html" + }, + { + "name": "http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1", + "refsource": "CONFIRM", + "url": "http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1" + }, + { + "name": "http://www.adobe.com/support/security/advisories/apsa08-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/advisories/apsa08-01.html" + }, + { + "name": "28983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28983" + }, + { + "name": "239286", + "refsource": "SUNALERT", + "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1" + }, + { + "name": "oval:org.mitre.oval:def:10299", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10299" + }, + { + "name": "GLSA-200803-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-01.xml" + }, + { + "name": "29065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29065" + }, + { + "name": "30840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30840" + }, + { + "name": "29205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29205" + }, + { + "name": "27641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27641" + }, + { + "name": "ADV-2008-0425", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0425" + }, + { + "name": "28802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28802" + }, + { + "name": "RHSA-2008:0144", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0144.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0809.json b/2008/0xxx/CVE-2008-0809.json index f9181c898e8..77e09ca2666 100644 --- a/2008/0xxx/CVE-2008-0809.json +++ b/2008/0xxx/CVE-2008-0809.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ikiwiki.info/security/#index27h2", - "refsource" : "CONFIRM", - "url" : "http://ikiwiki.info/security/#index27h2" - }, - { - "name" : "DSA-1523", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1523" - }, - { - "name" : "27760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27760" - }, - { - "name" : "28911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28911" - }, - { - "name" : "29369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ikiwiki.info/security/#index27h2", + "refsource": "CONFIRM", + "url": "http://ikiwiki.info/security/#index27h2" + }, + { + "name": "29369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29369" + }, + { + "name": "28911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28911" + }, + { + "name": "27760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27760" + }, + { + "name": "DSA-1523", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1523" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0890.json b/2008/0xxx/CVE-2008-0890.json index 56a41f7e0f8..df1cf1c3561 100644 --- a/2008/0xxx/CVE-2008-0890.json +++ b/2008/0xxx/CVE-2008-0890.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2008:0173", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0173.html" - }, - { - "name" : "28204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28204" - }, - { - "name" : "1019577", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019577" - }, - { - "name" : "29350", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29350" - }, - { - "name" : "rhds-jars-insecure-permissions(41152)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29350", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29350" + }, + { + "name": "rhds-jars-insecure-permissions(41152)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41152" + }, + { + "name": "28204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28204" + }, + { + "name": "1019577", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019577" + }, + { + "name": "RHSA-2008:0173", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0173.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1022.json b/2008/1xxx/CVE-2008-1022.json index cdcd59c2dab..4c528112164 100644 --- a/2008/1xxx/CVE-2008-1022.json +++ b/2008/1xxx/CVE-2008-1022.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080403 ZDI-08-019: Apple QuickTime Malformed VR obji Atom Parsing Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490461/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-019", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-019" - }, - { - "name" : "http://support.apple.com/kb/HT1241", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT1241" - }, - { - "name" : "TA08-094A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-094A.html" - }, - { - "name" : "28583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28583" - }, - { - "name" : 
"ADV-2008-1078", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1078" - }, - { - "name" : "1019766", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019766" - }, - { - "name" : "29650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29650" - }, - { - "name" : "quicktime-obji-atoms-bo(41613)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT1241", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT1241" + }, + { + "name": "TA08-094A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-094A.html" + }, + { + "name": "ADV-2008-1078", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1078" + }, + { + "name": "28583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28583" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-019", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-019" + }, + { + "name": "1019766", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019766" + }, + { + "name": "29650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29650" + }, + { + "name": "quicktime-obji-atoms-bo(41613)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41613" + }, + { + "name": "20080403 
ZDI-08-019: Apple QuickTime Malformed VR obji Atom Parsing Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490461/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1481.json b/2008/1xxx/CVE-2008-1481.json index 3748d2e8763..0f38aaebe92 100644 --- a/2008/1xxx/CVE-2008-1481.json +++ b/2008/1xxx/CVE-2008-1481.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/28294/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/28294/exploit" - }, - { - "name" : "28294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28294" - }, - { - "name" : "webspell-board-xss(41417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to 
inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webspell-board-xss(41417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41417" + }, + { + "name": "28294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28294" + }, + { + "name": "http://www.securityfocus.com/bid/28294/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/28294/exploit" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1666.json b/2008/1xxx/CVE-2008-1666.json index 70be374f101..5080369d067 100644 --- a/2008/1xxx/CVE-2008-1666.json +++ b/2008/1xxx/CVE-2008-1666.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, 9.1.01, 9.2, 9.2.0, 10g, and 10gR2 has unknown impact and attack vectors, possibly related to the July 2008 Oracle Critical Patch Update." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Oracle for 
OpenView (OfO) 8.1.7, 9.1.01, 9.2, 9.2.0, 10g, and 10gR2 has unknown impact and attack vectors, possibly related to the July 2008 Oracle Critical Patch Update." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1804.json b/2008/1xxx/CVE-2008-1804.json index 84e9e98f451..ec931445e79 100644 --- a/2008/1xxx/CVE-2008-1804.json +++ b/2008/1xxx/CVE-2008-1804.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080521 Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701" - }, - { - "name" : "http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.534.2.11", - "refsource" : "CONFIRM", - "url" : "http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.534.2.11" - }, - { - "name" : "http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h", - "refsource" : "CONFIRM", - "url" : 
"http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h" - }, - { - "name" : "http://www.ipcop.org/index.php?name=News&file=article&sid=40", - "refsource" : "CONFIRM", - "url" : "http://www.ipcop.org/index.php?name=News&file=article&sid=40" - }, - { - "name" : "FEDORA-2008-4986", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00156.html" - }, - { - "name" : "FEDORA-2008-5001", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00167.html" - }, - { - "name" : "FEDORA-2008-5045", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00198.html" - }, - { - "name" : "29327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29327" - }, - { - "name" : "ADV-2008-1602", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1602" - }, - { - "name" : "1020081", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020081" - }, - { - "name" : "30348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30348" - }, - { - "name" : "31204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31204" - }, - { - "name" : "30563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30563" - }, - { - "name" : "snort-ttl-security-bypass(42584)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "snort-ttl-security-bypass(42584)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42584" + }, + { + "name": "http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h", + "refsource": "CONFIRM", + "url": "http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h" + }, + { + "name": "FEDORA-2008-4986", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00156.html" + }, + { + "name": "1020081", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020081" + }, + { + "name": "ADV-2008-1602", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1602" + }, + { + "name": "FEDORA-2008-5001", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00167.html" + }, + { + "name": "30348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30348" + }, + { + "name": "http://www.ipcop.org/index.php?name=News&file=article&sid=40", + "refsource": "CONFIRM", + "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=40" + }, + { + "name": "29327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29327" + }, + { + "name": "20080521 Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701" + }, + { + "name": "http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.534.2.11", + "refsource": "CONFIRM", + "url": "http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.534.2.11" + }, + { + "name": "FEDORA-2008-5045", + "refsource": 
"FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00198.html" + }, + { + "name": "31204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31204" + }, + { + "name": "30563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30563" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1953.json b/2008/1xxx/CVE-2008-1953.json index f8d0cd1dfd2..dd2d7a91849 100644 --- a/2008/1xxx/CVE-2008-1953.json +++ b/2008/1xxx/CVE-2008-1953.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jira.magnolia.info/browse/MGNLSD-175", - "refsource" : "CONFIRM", - "url" : "http://jira.magnolia.info/browse/MGNLSD-175" - }, - { - "name" : "28897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28897" - }, - { - "name" : "29918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29918" - }, - { - "name" : "magnolia-search-template-xss(41962)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "magnolia-search-template-xss(41962)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41962" + }, + { + "name": "28897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28897" + }, + { + "name": "http://jira.magnolia.info/browse/MGNLSD-175", + "refsource": "CONFIRM", + "url": "http://jira.magnolia.info/browse/MGNLSD-175" + }, + { + "name": "29918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29918" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4127.json b/2008/4xxx/CVE-2008-4127.json index 615514ca50a..2c98a4d878d 100644 --- a/2008/4xxx/CVE-2008-4127.json +++ b/2008/4xxx/CVE-2008-4127.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080917 Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496483/100/0/threaded" - }, - { - "name" : "31215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31215" - }, - { - "name" : "4273", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4273" - }, - { - "name" : "ie-png-dos(45225)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ie-png-dos(45225)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45225" + }, + { + "name": "20080917 Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496483/100/0/threaded" + }, + { + "name": "31215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31215" + }, + { + "name": "4273", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4273" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4151.json b/2008/4xxx/CVE-2008-4151.json index cf351e8b55a..2a16c2f49d2 100644 --- a/2008/4xxx/CVE-2008-4151.json +++ b/2008/4xxx/CVE-2008-4151.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080918 cyask 3.x Local File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496511/100/0/threaded" - }, - { - "name" : "6487", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6487" - }, - { - "name" : "31237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31237" - }, - { - "name" : "4297", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4297" - }, - { - "name" : "cyask-collect-file-include(45238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cyask-collect-file-include(45238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45238" + }, + { + "name": "20080918 cyask 3.x Local File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496511/100/0/threaded" + }, + { + "name": "4297", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4297" + }, + { + "name": "6487", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6487" + }, + { + "name": "31237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31237" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4399.json b/2008/4xxx/CVE-2008-4399.json index ea51e1dde80..1fba51647c0 100644 --- a/2008/4xxx/CVE-2008-4399.json +++ b/2008/4xxx/CVE-2008-4399.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to \"insufficient validation.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081009 CA ARCserve Backup Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497218" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143" - }, - { - "name" : "31684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31684" - }, - { - "name" : "ADV-2008-2777", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2777" - }, - { - "name" : "1021032", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1021032" - }, - { - "name" : "32220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32220" - }, - { - "name" : "ca-arcservebackup-database-engine-dos(45776)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to \"insufficient validation.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31684" + }, + { + "name": "ca-arcservebackup-database-engine-dos(45776)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45776" + }, + { + "name": "ADV-2008-2777", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2777" + }, + { + "name": "1021032", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021032" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143" + }, + { + "name": "32220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32220" + }, + { + "name": "20081009 CA ARCserve Backup Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497218" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/4xxx/CVE-2008-4494.json b/2008/4xxx/CVE-2008-4494.json index 553f4267d57..a262166cade 100644 --- a/2008/4xxx/CVE-2008-4494.json +++ b/2008/4xxx/CVE-2008-4494.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6698", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6698" - }, - { - "name" : "31626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31626" - }, - { - "name" : "32118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32118" - }, - { - "name" : "4375", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4375" - }, - { - "name" : "torrenttrader-id-sql-injection(45728)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31626" + }, + { + "name": "4375", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4375" + }, + { + "name": "6698", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6698" + }, + { + "name": "32118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32118" + }, + { + "name": "torrenttrader-id-sql-injection(45728)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45728" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4564.json b/2008/4xxx/CVE-2008-4564.json index 36b4c2c4e2b..28be08f7c2c 100644 --- a/2008/4xxx/CVE-2008-4564.json +++ b/2008/4xxx/CVE-2008-4564.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090317 Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2009.03.17a.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2009.03.17a.html" 
- }, - { - "name" : "https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html", - "refsource" : "CONFIRM", - "url" : "https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html" - }, - { - "name" : "VU#276563", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/276563" - }, - { - "name" : "34086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34086" - }, - { - "name" : "52713", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52713" - }, - { - "name" : "1021856", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021856" - }, - { - "name" : "1021857", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021857" - }, - { - "name" : "1021859", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021859" - }, - { - "name" : "34307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34307" - }, - { - "name" : "34303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34303" - }, - { - "name" : "34318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34318" - }, - { - "name" : "34355", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34355" - }, - { - "name" : "ADV-2009-0744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0744" - }, - { - "name" : "ADV-2009-0756", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0756" - }, - { - "name" : "ADV-2009-0757", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0757" - }, - { - "name" : "autonomy-keyview-wp6sr-bo(49284)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/avcenter/security/Content/2009.03.17a.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2009.03.17a.html" + }, + { + "name": "ADV-2009-0744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0744" + }, + { + "name": "34303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34303" + }, + { + "name": "1021859", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021859" + }, + { + "name": "34307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34307" + }, + { + "name": "autonomy-keyview-wp6sr-bo(49284)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49284" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573" + }, + { + "name": "34318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34318" + }, + { + "name": "1021856", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021856" + }, + { + "name": "1021857", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021857" + }, + { + "name": "VU#276563", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/276563" + }, + { + "name": "ADV-2009-0756", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0756" + }, + { + "name": "https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html", + "refsource": "CONFIRM", + "url": "https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html" + }, + { + "name": "34355", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34355" + }, + { + "name": "52713", + "refsource": "OSVDB", + "url": "http://osvdb.org/52713" + }, + { + "name": "20090317 Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774" + }, + { + "name": "34086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34086" + }, + { + "name": "ADV-2009-0757", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0757" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4719.json b/2008/4xxx/CVE-2008-4719.json index 1d0f6b318a4..8e47a630547 100644 --- a/2008/4xxx/CVE-2008-4719.json +++ b/2008/4xxx/CVE-2008-4719.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6585", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6585" - }, - { - "name" : "31423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31423" - }, - { - "name" : "4478", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4478" - }, - { - "name" : "openengine-filepool-file-include(45482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file 
inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31423" + }, + { + "name": "6585", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6585" + }, + { + "name": "openengine-filepool-file-include(45482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45482" + }, + { + "name": "4478", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4478" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4906.json b/2008/4xxx/CVE-2008-4906.json index e147bc7b0b2..4a9b09ceacd 100644 --- a/2008/4xxx/CVE-2008-4906.json +++ b/2008/4xxx/CVE-2008-4906.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6885", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6885" - }, - { - "name" : "http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html", - "refsource" : "MISC", - "url" : "http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html" - }, - { - "name" : "32004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32004" - }, - { - "name" : "32477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32477" - }, - { - "name" : "4551", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4551" - }, - { - "name" : 
"lyrics-lyricssong-sql-injection(46236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6885", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6885" + }, + { + "name": "32004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32004" + }, + { + "name": "lyrics-lyricssong-sql-injection(46236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46236" + }, + { + "name": "4551", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4551" + }, + { + "name": "32477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32477" + }, + { + "name": "http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html", + "refsource": "MISC", + "url": "http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5921.json b/2008/5xxx/CVE-2008-5921.json index 7b2d62dc0dd..4ea46a4b751 100644 --- a/2008/5xxx/CVE-2008-5921.json +++ b/2008/5xxx/CVE-2008-5921.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7439", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7439" - }, - { - "name" : "32802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32802" - }, - { - "name" : "4924", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4924" - }, - { - "name" : "songsportal-albums-sql-injection(47300)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7439", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7439" + }, + { + "name": "32802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32802" + }, + { + "name": "4924", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4924" + }, + { + "name": "songsportal-albums-sql-injection(47300)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47300" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2344.json b/2013/2xxx/CVE-2013-2344.json index 47cc2515cb9..da59532f3ba 100644 --- a/2013/2xxx/CVE-2013-2344.json +++ b/2013/2xxx/CVE-2013-2344.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02895", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - }, - { - "name" : "SSRT101217", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - }, - { - "name" : "SSRT101253", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote 
attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02895", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + }, + { + "name": "SSRT101217", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + }, + { + "name": "SSRT101253", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2694.json b/2013/2xxx/CVE-2013-2694.json index c5041bc281e..a571e6e3b67 100644 --- a/2013/2xxx/CVE-2013-2694.json +++ b/2013/2xxx/CVE-2013-2694.json 
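Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `hp-security-alert@hp.com` in this hunk, a provenance change buried in a rewrite that touches every line for colon spacing. Consumers that attribute or filter records by assigning CNA will see different results, so this belongs in its own commit or at least in the commit message. The record is now attributed to a vendor CNA while `vendor_name` and `product_name` remain `"n/a"`, which looks inconsistent and may be worth backfilling. The same kind of change appears in CVE-2013-2694 (`PSIRT-CNA@flexerasoftware.com`), CVE-2013-2725 (`psirt@adobe.com`) and CVE-2013-3583 (`cert@cert.org`).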
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-2694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "59045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59045" - }, - { - "name" : "92274", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92274" - }, - { - "name" : "52925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59045" + }, + { + "name": "92274", + "refsource": "OSVDB", + "url": "http://osvdb.org/92274" + }, + { + "name": "52925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52925" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2725.json b/2013/2xxx/CVE-2013-2725.json index 18437950116..b393314581d 100644 --- a/2013/2xxx/CVE-2013-2725.json +++ b/2013/2xxx/CVE-2013-2725.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-2725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0826", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0826.html" - }, - { - "name" : "SUSE-SU-2013:0809", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:16675", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-15.html" + }, + { + "name": "SUSE-SU-2013:0809", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" + }, + { + "name": "RHSA-2013:0826", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0826.html" + }, + { + "name": "oval:org.mitre.oval:def:16675", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16675" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3583.json b/2013/3xxx/CVE-2013-3583.json index 11a25b5b974..476c8e0a57f 100644 --- a/2013/3xxx/CVE-2013-3583.json +++ b/2013/3xxx/CVE-2013-3583.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in saveProperties.html in Corporater EPM Suite allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#595142", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/595142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in saveProperties.html in Corporater EPM Suite allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#595142", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/595142" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3587.json b/2013/3xxx/CVE-2013-3587.json index f7faaf7dbaf..e674af7639f 100644 --- a/2013/3xxx/CVE-2013-3587.json +++ b/2013/3xxx/CVE-2013-3587.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3587", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3587", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3737.json b/2013/3xxx/CVE-2013-3737.json index 83c76cb2f4c..a6c3ad152f6 100644 --- a/2013/3xxx/CVE-2013-3737.json +++ b/2013/3xxx/CVE-2013-3737.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20130612 Security vulnerability in RT::Extension::MobileUI", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" - }, - { - "name" : "94280", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/94280" - }, - { - "name" : "53799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MobileUI (aka RT-Extension-MobileUI) 
extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94280", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/94280" + }, + { + "name": "[rt-announce] 20130612 Security vulnerability in RT::Extension::MobileUI", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html" + }, + { + "name": "53799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53799" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3918.json b/2013/3xxx/CVE-2013-3918.json index 4bd665bbda7..a6bfe69f532 100644 --- a/2013/3xxx/CVE-2013-3918.json +++ b/2013/3xxx/CVE-2013-3918.json 
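Review bot: The `reference_data` array in the CVE-2013-3737 hunk holds the same three entries on both sides but in a different order (OSVDB, MLIST, SECUNIA instead of MLIST, OSVDB, SECUNIA), with nothing added or removed. The new order is not sorted by `refsource`, `name` or `url`, so it presumably comes from the serializer and may shift again on the next export. The hunks for CVE-2013-3918, CVE-2013-4488, CVE-2013-4616, CVE-2013-6305, CVE-2013-6448 and CVE-2013-7376 show the same reshuffle. Emitting references in a fixed order, for example sorted by `url`, would limit future diffs to real additions and removals, which is what someone auditing these records needs to see.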
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka \"InformationCardSigninHelper Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html", - "refsource" : "MISC", - "url" : "http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html" - }, - { - "name" : "https://isc.sans.edu/forums/diary/16985", - "refsource" : "MISC", - "url" : "https://isc.sans.edu/forums/diary/16985" - }, - 
{ - "name" : "http://www.darkreading.com/vulnerability/new-ie-vulnerability-found-in-the-wild-s/240163814/", - "refsource" : "MISC", - "url" : "http://www.darkreading.com/vulnerability/new-ie-vulnerability-found-in-the-wild-s/240163814/" - }, - { - "name" : "http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx" - }, - { - "name" : "MS13-090", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-090" - }, - { - "name" : "TA13-317A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-317A" - }, - { - "name" : "oval:org.mitre.oval:def:19089", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka \"InformationCardSigninHelper Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-317A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-317A" + }, + { + "name": 
"http://www.darkreading.com/vulnerability/new-ie-vulnerability-found-in-the-wild-s/240163814/", + "refsource": "MISC", + "url": "http://www.darkreading.com/vulnerability/new-ie-vulnerability-found-in-the-wild-s/240163814/" + }, + { + "name": "MS13-090", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-090" + }, + { + "name": "http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html", + "refsource": "MISC", + "url": "http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html" + }, + { + "name": "oval:org.mitre.oval:def:19089", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19089" + }, + { + "name": "https://isc.sans.edu/forums/diary/16985", + "refsource": "MISC", + "url": "https://isc.sans.edu/forums/diary/16985" + }, + { + "name": "http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4488.json b/2013/4xxx/CVE-2013-4488.json index 3b7cf9c8ca6..42bdbf8412a 100644 --- a/2013/4xxx/CVE-2013-4488.json +++ b/2013/4xxx/CVE-2013-4488.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libgadu-devel] 20130602 Re: How to Report a Security Bug in libgadu", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/libgadu-devel@lists.ziew.org/msg01017.html" - }, - { - "name" : "[oss-security] 20131031 Re: CVE Request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/31/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1025718", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1025718" - }, - { - "name" : "FEDORA-2013-23260", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125143.html" - }, - { - "name" : "GLSA-201508-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201508-02" - }, 
- { - "name" : "MDVSA-2014:185", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:185" - }, - { - "name" : "63473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201508-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201508-02" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1025718", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1025718" + }, + { + "name": "63473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63473" + }, + { + "name": "[oss-security] 20131031 Re: CVE Request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/31/5" + }, + { + "name": "[libgadu-devel] 20130602 Re: How to Report a Security Bug in libgadu", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/libgadu-devel@lists.ziew.org/msg01017.html" + }, + { + "name": "MDVSA-2014:185", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:185" + }, + { + "name": "FEDORA-2013-23260", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125143.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4583.json b/2013/4xxx/CVE-2013-4583.json index dd7d11d51a0..fecac2b6477 100644 --- a/2013/4xxx/CVE-2013-4583.json +++ b/2013/4xxx/CVE-2013-4583.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4583", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4583", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4616.json b/2013/4xxx/CVE-2013-4616.json index e70d15d8cd0..f192d84daa2 100644 --- a/2013/4xxx/CVE-2013-4616.json +++ b/2013/4xxx/CVE-2013-4616.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[owasp-mobile-security-project] 20130617 Cracking iOS personal hotspots using a Scrabble crossword game word list", - "refsource" : "MLIST", - "url" : "http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.html" - }, - { - "name" : "http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf", - "refsource" : "MISC", - "url" : "http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf" - }, - { - "name" : "http://www1.cs.fau.de/hotspot", - "refsource" : "MISC", - "url" : "http://www1.cs.fau.de/hotspot" - }, - { - "name" : 
"http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "1029054", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029054" - }, - { - "name" : "54886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[owasp-mobile-security-project] 20130617 Cracking iOS personal hotspots using a Scrabble crossword game word list", + "refsource": "MLIST", + "url": "http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.html" + }, + { + "name": "1029054", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029054" + }, + { + "name": "http://www1.cs.fau.de/hotspot", + "refsource": "MISC", + "url": "http://www1.cs.fau.de/hotspot" + }, + { + "name": "54886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54886" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf", + "refsource": "MISC", + "url": "http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6150.json b/2013/6xxx/CVE-2013-6150.json index 03bd587c40f..27e2f13a6ca 100644 --- a/2013/6xxx/CVE-2013-6150.json +++ b/2013/6xxx/CVE-2013-6150.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6150", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6150", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6305.json b/2013/6xxx/CVE-2013-6305.json index e99c252e50a..70a5ae1f8a9 100644 --- a/2013/6xxx/CVE-2013-6305.json +++ b/2013/6xxx/CVE-2013-6305.json 
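Review bot: The new side of CVE-2013-6150.json puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`. The other files in this part of the diff keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` in that order. CVE-2013-6488 has the same layout and both are REJECT entries, so they were probably written by a different tool or template. Key order carries no meaning in JSON, but one deterministic order across the repository keeps textual diffs, and any digest computed over the file bytes, stable. I would emit `CVE_data_meta` first here as well, followed by `data_format`, `data_type`, `data_version`.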
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020528", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020528" - }, - { - "name" : "102262", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102262" - }, - { - "name" : "ibm-platform-symphony-cve20136305-encryption(88536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Platform Symphony 5.2 before build 229037 and 
6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102262", + "refsource": "OSVDB", + "url": "http://osvdb.org/102262" + }, + { + "name": "ibm-platform-symphony-cve20136305-encryption(88536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88536" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020528", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020528" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6448.json b/2013/6xxx/CVE-2013-6448.json index 7212ab31ef2..2bf4de2de8b 100644 --- a/2013/6xxx/CVE-2013-6448.json +++ b/2013/6xxx/CVE-2013-6448.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1044794", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1044794" - }, - { - "name" : "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", - "refsource" : "CONFIRM", - "url" : "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5" - }, - { - "name" : "RHSA-2014:0045", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0045.html" - }, - { - "name" : "1029652", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1029652" - }, - { - "name" : "56572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029652", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029652" + }, + { + "name": "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", + "refsource": "CONFIRM", + "url": "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1044794", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044794" + }, + { + "name": "56572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56572" + }, + { + "name": "RHSA-2014:0045", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0045.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6461.json b/2013/6xxx/CVE-2013-6461.json index ffb1bf66840..dbb515ca09d 100644 --- a/2013/6xxx/CVE-2013-6461.json +++ b/2013/6xxx/CVE-2013-6461.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6461", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6461", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6488.json b/2013/6xxx/CVE-2013-6488.json index 7cb4c43fbda..7e8b011c530 100644 --- a/2013/6xxx/CVE-2013-6488.json +++ b/2013/6xxx/CVE-2013-6488.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6488", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0328. Reason: This candidate is a reservation duplicate of CVE-2013-0328. Notes: All CVE users should reference CVE-2013-0328 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6488", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0328. Reason: This candidate is a reservation duplicate of CVE-2013-0328. Notes: All CVE users should reference CVE-2013-0328 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7084.json b/2013/7xxx/CVE-2013-7084.json index d932a431472..53277b46cb8 100644 --- a/2013/7xxx/CVE-2013-7084.json +++ b/2013/7xxx/CVE-2013-7084.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7084", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7084", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7376.json b/2013/7xxx/CVE-2013-7376.json index 4ad5f6aac04..454a383ed9e 100644 --- a/2013/7xxx/CVE-2013-7376.json +++ b/2013/7xxx/CVE-2013-7376.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130703 Multiple Vulnerabilities in OpenX", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2013/Jul/27" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23155", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23155" - }, - { - "name" : "94778", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/94778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94778", + "refsource": "OSVDB", + "url": "http://osvdb.org/94778" + }, + { + "name": "20130703 Multiple Vulnerabilities in OpenX", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2013/Jul/27" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23155", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23155" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10565.json b/2017/10xxx/CVE-2017-10565.json index 4cbc95d9708..4cb47efc449 100644 --- a/2017/10xxx/CVE-2017-10565.json +++ b/2017/10xxx/CVE-2017-10565.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10565",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10565",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10591.json b/2017/10xxx/CVE-2017-10591.json
index 00779621b54..6e64c87b36f 100644
--- a/2017/10xxx/CVE-2017-10591.json
+++ b/2017/10xxx/CVE-2017-10591.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10591",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10591",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10609.json b/2017/10xxx/CVE-2017-10609.json
index 395381d9c75..31448660b16 100644
--- a/2017/10xxx/CVE-2017-10609.json
+++ b/2017/10xxx/CVE-2017-10609.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10609",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10609",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10844.json b/2017/10xxx/CVE-2017-10844.json
index 425fe83e9fd..386e4378dbd 100644
--- a/2017/10xxx/CVE-2017-10844.json
+++ b/2017/10xxx/CVE-2017-10844.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2017-10844",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2017-10844",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://basercms.net/security/JVN78151490",
- "refsource" : "MISC",
- "url" : "https://basercms.net/security/JVN78151490"
- },
- {
- "name" : "JVN#78151490",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN78151490/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://basercms.net/security/JVN78151490",
+ "refsource": "MISC",
+ "url": "https://basercms.net/security/JVN78151490"
+ },
+ {
+ "name": "JVN#78151490",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN78151490/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10911.json b/2017/10xxx/CVE-2017-10911.json
index 71d1c6631c8..84f15593b13 100644
--- a/2017/10xxx/CVE-2017-10911.json
+++ b/2017/10xxx/CVE-2017-10911.json
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8" - }, - { - "name" : "https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341" - }, - { - "name" : "https://xenbits.xen.org/xsa/advisory-216.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-216.html" - }, - { - "name" : "DSA-3927", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3927" - }, - { - "name" : "DSA-3945", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3945" - }, - { - "name" : "DSA-3920", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3920" - }, - { - "name" : "GLSA-201708-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201708-03" - }, - { - "name" : "99162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99162" - }, - { - "name" : "1038720", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://xenbits.xen.org/xsa/advisory-216.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-216.html" + }, + { + "name": "DSA-3927", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3927" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341" + }, + { + "name": "DSA-3920", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3920" + }, + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "GLSA-201708-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201708-03" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8" + }, + { + "name": "99162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99162" + }, + { + "name": "1038720", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038720" + }, + { + "name": "https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341" + }, + { + "name": "DSA-3945", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3945" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/10xxx/CVE-2017-10954.json b/2017/10xxx/CVE-2017-10954.json
index f79a335eeeb..404cbd832aa 100644
--- a/2017/10xxx/CVE-2017-10954.json
+++ b/2017/10xxx/CVE-2017-10954.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-10954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Bitdefender Internet Security", - "version" : { - "version_data" : [ - { - "version_value" : "Internet Security 2018 prior to build 7.72918" - } - ] - } - } - ] - }, - "vendor_name" : "Bitdefender" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-190-Integer Overflow or Wraparound" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-10954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitdefender Internet Security", + "version": { + "version_data": [ + { + "version_value": "Internet Security 2018 prior to build 7.72918" + } + ] + } + } + ] + }, + "vendor_name": "Bitdefender" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-717", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-717" - }, - { - "name" : "100676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190-Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-717", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-717" + }, + { + "name": "100676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100676" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13576.json b/2017/13xxx/CVE-2017-13576.json index 25a716f677d..5dea2f64244 100644 --- a/2017/13xxx/CVE-2017-13576.json +++ b/2017/13xxx/CVE-2017-13576.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13576", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13576", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13779.json b/2017/13xxx/CVE-2017-13779.json index 07454096341..d78b3cbcde7 100644 --- a/2017/13xxx/CVE-2017-13779.json +++ b/2017/13xxx/CVE-2017-13779.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the \"C:\\GST Offline Tool\" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tink2hack.blogspot.in/2017/09/writeup-of-cve-2017-13779-remote.html", - "refsource" : "MISC", - "url" : "https://tink2hack.blogspot.in/2017/09/writeup-of-cve-2017-13779-remote.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs 
from the \"C:\\GST Offline Tool\" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tink2hack.blogspot.in/2017/09/writeup-of-cve-2017-13779-remote.html", + "refsource": "MISC", + "url": "https://tink2hack.blogspot.in/2017/09/writeup-of-cve-2017-13779-remote.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13862.json b/2017/13xxx/CVE-2017-13862.json index 7a5a0503210..0df9ec1ae26 100644 --- a/2017/13xxx/CVE-2017-13862.json +++ b/2017/13xxx/CVE-2017-13862.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208325", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208325" - }, - { - "name" : "https://support.apple.com/HT208327", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208327" - }, - { - "name" : "https://support.apple.com/HT208331", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208331" - }, - { - "name" : "https://support.apple.com/HT208334", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208334" - }, - { - "name" : "102100", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102100" - }, - { - "name" : "1039952", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039952" - }, - { - "name" : "1039953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039953" - }, - { - "name" : "1039966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208331", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208331" + }, + { + "name": "https://support.apple.com/HT208327", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208327" + }, + { + "name": "https://support.apple.com/HT208325", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208325" + }, + { + "name": "1039966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039966" + }, + { + "name": "1039953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039953" + }, + { + "name": "https://support.apple.com/HT208334", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208334" + }, + { + "name": "1039952", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039952" + }, + { + "name": "102100", + 
"refsource": "BID", + "url": "http://www.securityfocus.com/bid/102100" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13944.json b/2017/13xxx/CVE-2017-13944.json index 23bc2dfc062..1f637c29f7e 100644 --- a/2017/13xxx/CVE-2017-13944.json +++ b/2017/13xxx/CVE-2017-13944.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13944", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13944", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17064.json b/2017/17xxx/CVE-2017-17064.json index 4142176ea62..adbd724ae23 100644 --- a/2017/17xxx/CVE-2017-17064.json +++ b/2017/17xxx/CVE-2017-17064.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17064",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17064",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17380.json b/2017/17xxx/CVE-2017-17380.json
index ba409c3362d..ab5672aaa4d 100644
--- a/2017/17xxx/CVE-2017-17380.json
+++ b/2017/17xxx/CVE-2017-17380.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17380",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17380",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17974.json b/2017/17xxx/CVE-2017-17974.json
index 21edca51a8e..47935970861 100644
--- a/2017/17xxx/CVE-2017-17974.json
+++ b/2017/17xxx/CVE-2017-17974.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://misteralfa-hack.blogspot.cl/2017/12/ba-system-improper-access-control.html", - "refsource" : "MISC", - "url" : "http://misteralfa-hack.blogspot.cl/2017/12/ba-system-improper-access-control.html" - }, - { - "name" : "https://github.com/ezelf/baCK_system", - "refsource" : "MISC", - "url" : "https://github.com/ezelf/baCK_system" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BA SYSTEMS BAS Web on BAS920 devices (with 
Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://misteralfa-hack.blogspot.cl/2017/12/ba-system-improper-access-control.html", + "refsource": "MISC", + "url": "http://misteralfa-hack.blogspot.cl/2017/12/ba-system-improper-access-control.html" + }, + { + "name": "https://github.com/ezelf/baCK_system", + "refsource": "MISC", + "url": "https://github.com/ezelf/baCK_system" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9072.json b/2017/9xxx/CVE-2017-9072.json index 8f8868618fe..050893c530f 100644 --- a/2017/9xxx/CVE-2017-9072.json +++ b/2017/9xxx/CVE-2017-9072.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/victorwon/calendarxp/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/victorwon/calendarxp/issues/2" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Two CalendarXP products have XSS in common parts of HTML files. 
CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102632" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://github.com/victorwon/calendarxp/issues/2", + "refsource": "MISC", + "url": "https://github.com/victorwon/calendarxp/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9104.json b/2017/9xxx/CVE-2017-9104.json index 59e96d5d1d5..1bfd91e12e1 100644 --- a/2017/9xxx/CVE-2017-9104.json +++ b/2017/9xxx/CVE-2017-9104.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9104", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9104", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9182.json b/2017/9xxx/CVE-2017-9182.json index b24c429dc29..f88cbefb0e4 100644 --- a/2017/9xxx/CVE-2017-9182.json +++ b/2017/9xxx/CVE-2017-9182.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" - }, - { - "name" : "98678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98678" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9444.json b/2017/9xxx/CVE-2017-9444.json index 211d9944160..6d9132f5744 100644 --- a/2017/9xxx/CVE-2017-9444.json +++ b/2017/9xxx/CVE-2017-9444.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BigTree CMS through 4.2.18 has CSRF related to the core\\admin\\modules\\users\\profile\\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the index.php/admin/developer/upgrade/set-ftp-directory/ URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/issues/293", - "refsource" : "MISC", - "url" : "https://github.com/bigtreecms/BigTree-CMS/issues/293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BigTree CMS through 4.2.18 has CSRF related to the core\\admin\\modules\\users\\profile\\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the 
index.php/admin/developer/upgrade/set-ftp-directory/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigtreecms/BigTree-CMS/issues/293", + "refsource": "MISC", + "url": "https://github.com/bigtreecms/BigTree-CMS/issues/293" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9483.json b/2017/9xxx/CVE-2017-9483.json index 02b3c700b51..e65d18ffa43 100644 --- a/2017/9xxx/CVE-2017-9483.json +++ b/2017/9xxx/CVE-2017-9483.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-26.arbitrary-command-execution.txt", - "refsource" : "MISC", - "url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-26.arbitrary-command-execution.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell 
metacharacters in commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-26.arbitrary-command-execution.txt", + "refsource": "MISC", + "url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-26.arbitrary-command-execution.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0006.json b/2018/0xxx/CVE-2018-0006.json index 47138699604..10c2bcca7da 100644 --- a/2018/0xxx/CVE-2018-0006.json +++ b/2018/0xxx/CVE-2018-0006.json 
@@ -1,133 +1,133 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2018-01-10T17:00:00.000Z", - "ID" : "CVE-2018-0006", - "STATE" : "PUBLIC", - "TITLE" : "Junos OS: bbe-smgd process denial of service while processing VLAN authentication requests/rejects" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "15.1", - "version_value" : "15.1R6-S2, 15.1R7" - }, - { - "affected" : "<", - "version_name" : "16.1", - "version_value" : "16.1R5-S1, 16.1R6" - }, - { - "affected" : "<", - "version_name" : "16.2", - "version_value" : "16.2R2-S2, 16.2R3" - }, - { - "affected" : "<", - "version_name" : "17.1", - "version_value" : "17.1R2-S5, 17.1R3" - }, - { - "affected" : "<", - "version_name" : "17.2", - "version_value" : "17.2R2" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Other configurations are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R6-S2, 15.1R7; 16.1 versions prior to 16.1R5-S1, 16.1R6; 16.2 versions prior to 16.2R2-S2, 16.2R3; 17.1 versions prior to 17.1R2-S5, 17.1R3; 17.2 versions prior to 17.2R2." 
- } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "ADJACENT_NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2018-01-10T17:00:00.000Z", + "ID": "CVE-2018-0006", + "STATE": "PUBLIC", + "TITLE": "Junos OS: bbe-smgd process denial of service while processing VLAN authentication requests/rejects" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "15.1", + "version_value": "15.1R6-S2, 15.1R7" + }, + { + "affected": "<", + "version_name": "16.1", + "version_value": "16.1R5-S1, 16.1R6" + }, + { + "affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S2, 16.2R3" + }, + { + "affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S5, 17.1R3" + }, + { + "affected": "<", + "version_name": "17.2", + "version_value": "17.2R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10834", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10834" - }, - { - "name" : "1040184", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040184" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : 
"The following software releases have been updated to resolve this specific issue: 15.1R6-S2, 15.1R7, 16.1R5-S1, 16.1R6, 16.2R2-S2, 16.2R3, 17.1R2-S5*, 17.1R3*, 17.2R2, 17.3R1, 17.4R1, and all subsequent releases. \n\n*pending release" - } - ], - "source" : { - "advisory" : "JSA10834", - "defect" : [ - "1284213", - "1268129" - ], - "discovery" : "USER" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "Since this issue is specific to auto-sense or dynamic VLANs, utilizing a static VLAN model will mitigate this issue." - } - ] -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Other configurations are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R6-S2, 15.1R7; 16.1 versions prior to 16.1R5-S1, 16.1R6; 16.2 versions prior to 16.2R2-S2, 16.2R3; 17.1 versions prior to 17.1R2-S5, 17.1R3; 17.2 versions prior to 17.2R2." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040184", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040184" + }, + { + "name": "https://kb.juniper.net/JSA10834", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10834" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 15.1R6-S2, 15.1R7, 16.1R5-S1, 16.1R6, 16.2R2-S2, 16.2R3, 17.1R2-S5*, 17.1R3*, 17.2R2, 17.3R1, 17.4R1, and all subsequent releases. \n\n*pending release" + } + ], + "source": { + "advisory": "JSA10834", + "defect": [ + "1284213", + "1268129" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "Since this issue is specific to auto-sense or dynamic VLANs, utilizing a static VLAN model will mitigate this issue." + } + ] +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0127.json b/2018/0xxx/CVE-2018-0127.json index 62ff9deedf7..94589d96f9d 100644 --- a/2018/0xxx/CVE-2018-0127.json +++ b/2018/0xxx/CVE-2018-0127.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco RV132W and RV134W Wireless VPN Routers", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco RV132W and RV134W Wireless VPN Routers" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco RV132W and RV134W Wireless VPN Routers", + "version": { + "version_data": [ + { + "version_value": "Cisco RV132W and RV134W Wireless VPN Routers" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2" - }, - { - "name" : "102969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102969" - }, - { - "name" : "1040345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. 
A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040345" + }, + { + "name": "102969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102969" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0675.json b/2018/0xxx/CVE-2018-0675.json index fe5235ecd0e..4a24bb22894 100644 --- a/2018/0xxx/CVE-2018-0675.json +++ b/2018/0xxx/CVE-2018-0675.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AttacheCase", - "version" : { - "version_data" : [ - { - "version_value" : "ver.3.3.0.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "HiBARA Software" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AttacheCase", + "version": { + "version_data": [ + { + "version_value": "ver.3.3.0.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "HiBARA Software" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hibara.org/software/attachecase/?lang=en", - "refsource" : "CONFIRM", - "url" : "https://hibara.org/software/attachecase/?lang=en" - }, - { - "name" : "JVN#02037158", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN02037158/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#02037158", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN02037158/index.html" + }, + { + "name": "https://hibara.org/software/attachecase/?lang=en", + "refsource": "CONFIRM", + "url": "https://hibara.org/software/attachecase/?lang=en" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0715.json b/2018/0xxx/CVE-2018-0715.json index 77a2af2aae7..3cec3ccbbf5 100644 --- a/2018/0xxx/CVE-2018-0715.json +++ b/2018/0xxx/CVE-2018-0715.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@qnapsecurity.com.tw", - "DATE_PUBLIC" : "2018-08-23T00:00:00", - "ID" : "CVE-2018-0715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Photo Station", - "version" : { - "version_data" : [ - { - "version_value" : "versions 5.7.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "QNAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security@qnap.com", + "DATE_PUBLIC": "2018-08-23T00:00:00", + "ID": "CVE-2018-0715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photo Station", + "version": { + "version_data": [ + { + "version_value": "versions 5.7.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "QNAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45348", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45348/" - }, - { - "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201808-23", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201808-23" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject 
Javascript code in the compromised application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201808-23", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201808-23" + }, + { + "name": "45348", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45348/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18826.json b/2018/18xxx/CVE-2018-18826.json index 1f755bc23df..7d680f4cb6e 100644 --- a/2018/18xxx/CVE-2018-18826.json +++ b/2018/18xxx/CVE-2018-18826.json 
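Review bot: The `ASSIGNER` value for CVE-2018-0715 changes from `security@qnapsecurity.com.tw` to `security@qnap.com` inside a hunk that is otherwise whitespace normalization and reference reordering, so the only semantic change in the record is easy to miss. Any consumer that attributes records to a CNA by the assigner address would see a different owner for this entry after the commit. If the address change is intended, it would be easier to audit in its own commit or called out in the commit message. The new side of this file also ends with `\ No newline at end of file` where the old side did not, as do the other files in this diff; keeping the trailing newline avoids spurious diffs later.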
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1135", - "refsource" : "MISC", - "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.libav.org/show_bug.cgi?id=1135", + "refsource": "MISC", + "url": "https://bugzilla.libav.org/show_bug.cgi?id=1135" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19005.json b/2018/19xxx/CVE-2018-19005.json index 886d4227b7e..153b5b4eb6f 100644 --- a/2018/19xxx/CVE-2018-19005.json +++ b/2018/19xxx/CVE-2018-19005.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-19005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cscape", - "version" : { - "version_data" : [ - { - "version_value" : "Cscape Version 9.80.75.3 SP3 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER INPUT VALIDATION CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-19005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cscape", + "version": { + "version_data": [ + { + "version_value": "Cscape Version 9.80.75.3 SP3 and prior." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-354-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-354-01" - }, - { - "name" : "106275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cscape, Version 9.80.75.3 SP3 and prior. 
An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER INPUT VALIDATION CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106275" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-354-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-354-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19020.json b/2018/19xxx/CVE-2018-19020.json index b05490eb828..42021d49729 100644 --- a/2018/19xxx/CVE-2018-19020.json +++ b/2018/19xxx/CVE-2018-19020.json 
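Review bot: `vendor_name` is still `n/a` on the new side of CVE-2018-19005.json although `product_name` is `Cscape`, so tooling that matches CVE records against an asset inventory by vendor will not find this entry. The reformat carries the old value over unchanged; the vendor named in the referenced advisory ICSA-18-354-01 should be filled in, e.g. `"vendor_name": "<vendor from ICSA-18-354-01>"`. CVE-2018-19020.json has a related problem: its `vendor_name` is `ICS-CERT`, which looks like the assigner rather than the maker of CX-Supervisor. Separately, the new side of every file visible here ends with `\ No newline at end of file`; keeping the trailing newline avoids a spurious last-line change the next time a record is edited.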
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2019-01-17T00:00:00", - "ID" : "CVE-2018-19020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CX-Supervisor", - "version" : { - "version_data" : [ - { - "version_value" : "Versions 3.42 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OUT-OF-BOUNDS READ CWE-125" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2019-01-17T00:00:00", + "ID": "CVE-2018-19020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CX-Supervisor", + "version": { + "version_data": [ + { + "version_value": "Versions 3.42 and prior" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OUT-OF-BOUNDS READ CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19437.json b/2018/19xxx/CVE-2018-19437.json index fa03d45aeee..9355445c92b 100644 --- a/2018/19xxx/CVE-2018-19437.json +++ b/2018/19xxx/CVE-2018-19437.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wwwws1234/ucms/blob/master/Vertical%20crossing%20power.md", - "refsource" : "MISC", - "url" : "https://github.com/wwwws1234/ucms/blob/master/Vertical%20crossing%20power.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wwwws1234/ucms/blob/master/Vertical%20crossing%20power.md", + "refsource": "MISC", + "url": "https://github.com/wwwws1234/ucms/blob/master/Vertical%20crossing%20power.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19575.json b/2018/19xxx/CVE-2018-19575.json index e1ece3f2def..a3541409e33 100644 --- a/2018/19xxx/CVE-2018-19575.json +++ b/2018/19xxx/CVE-2018-19575.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19575", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19575", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19783.json b/2018/19xxx/CVE-2018-19783.json index 1182c45ab58..76428062c88 100644 --- a/2018/19xxx/CVE-2018-19783.json +++ b/2018/19xxx/CVE-2018-19783.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19783", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19783", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1212.json b/2018/1xxx/CVE-2018-1212.json index e6480140880..fbcbd626f66 100644 --- a/2018/1xxx/CVE-2018-1212.json +++ b/2018/1xxx/CVE-2018-1212.json 
@@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Security_Alert@emc.com", - "DATE_PUBLIC" : "2018-06-26T05:00:00.000Z", - "ID" : "CVE-2018-1212", - "STATE" : "PUBLIC", - "TITLE" : "Authenticated remote code execution in iDRAC 6" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iDRAC6 (Monolithic)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "2.91" - } - ] - } - }, - { - "product_name" : "iDRAC6 (Modular)", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "3.85" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Dell EMC would like to thank Arseniy for reporting this issue to us. " - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authenticated remote code execution command injection vulnerability. 
" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-06-26T05:00:00.000Z", + "ID": "CVE-2018-1212", + "STATE": "PUBLIC", + "TITLE": "Authenticated remote code execution in iDRAC 6" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iDRAC6 (Monolithic)", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "2.91" + } + ] + } + }, + { + "product_name": "iDRAC6 (Modular)", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "3.85" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494", - "refsource" : "CONFIRM", - "url" : "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Dell EMC would like to thank Arseniy for reporting this issue to us. " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authenticated remote code execution command injection vulnerability. " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494", + "refsource": "CONFIRM", + "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1400.json b/2018/1xxx/CVE-2018-1400.json index 23e293976d4..da661ed4a6e 100644 --- a/2018/1xxx/CVE-2018-1400.json +++ b/2018/1xxx/CVE-2018-1400.json 
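Review bot: The `ASSIGNER` value in CVE-2018-1212.json changes from `Security_Alert@emc.com` to `security_alert@emc.com`, which is a data change inside what is otherwise a whitespace reformat. A consumer that groups or filters records by a case-sensitive assigner string would treat this as a different CNA, so the normalization deserves its own commit or at least a line in the commit message. The new side also appears to keep trailing spaces inside two strings, `"...reporting this issue to us. "` under `credit` and `"...command injection vulnerability. "` under `problemtype`; trimming them while the file is being rewritten avoids mismatches when the text is compared or de-duplicated.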
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1400", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1400", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1474.json b/2018/1xxx/CVE-2018-1474.json index dd0502804eb..18ba3a3f288 100644 --- a/2018/1xxx/CVE-2018-1474.json +++ b/2018/1xxx/CVE-2018-1474.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-10T00:00:00", - "ID" : "CVE-2018-1474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Platform", - "version" : { - "version_data" : [ - { - "version_value" : "9.5.9" - }, - { - "version_value" : "9.2.0" - }, - { - "version_value" : "9.2.14" - }, - { - "version_value" : "9.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-force ID: 140692." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "N", - "S" : "C", - "SCORE" : "6.100", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-12-10T00:00:00", + "ID": "CVE-2018-1474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Platform", + "version": { + "version_data": [ + { + "version_value": "9.5.9" + }, + { + "version_value": "9.2.0" + }, + { + "version_value": "9.2.14" + }, + { + "version_value": "9.5.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605" - }, - { - "name" : "ibm-bigfix-cve20181474-response-splitting(140692)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-force ID: 140692." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "N", + "S": "C", + "SCORE": "6.100", + "UI": "R" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10733605", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10733605" + }, + { + "name": "ibm-bigfix-cve20181474-response-splitting(140692)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140692" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1756.json b/2018/1xxx/CVE-2018-1756.json index cfcff070e2d..9867ab3c502 100644 --- a/2018/1xxx/CVE-2018-1756.json +++ b/2018/1xxx/CVE-2018-1756.json 
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-08-27T00:00:00", - "ID" : "CVE-2018-1756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Identity Governance and Intelligence", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.3.2" - }, - { - "version_value" : "5.2.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM X-Force ID: 148599." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "7.500", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-08-27T00:00:00", + "ID": "CVE-2018-1756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Identity Governance and Intelligence", + "version": { + "version_data": [ + { + "version_value": "5.2.3.2" + }, + { + "version_value": "5.2.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45392", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45392/" - }, - { - "name" : 
"http://www.ibm.com/support/docview.wss?uid=ibm10728883", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10728883" - }, - { - "name" : "ibm-sig-cve20181756-sql-injection(148599)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM X-Force ID: 148599." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "H", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "7.500", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sig-cve20181756-sql-injection(148599)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148599" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10728883", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10728883" + }, + { + "name": "45392", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45392/" + } + ] + } +} \ No newline at end of file
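Review bot: `problemtype` on the new side of CVE-2018-1756.json is the impact label `Obtain Information`, although the description names SQL injection, so anyone filtering the feed by weakness class will miss this record; a value such as `"value": "CWE-89"` would make it searchable. `"SCORE": "7.500"` is also stored as a string, unlike the numeric `"baseScore": 8.8` in CVE-2018-1212.json, which forces consumers to special-case the `cvssv3` block when sorting by severity. CVE-2018-1474.json shows the same pattern (`Gain Access`, `"SCORE": "6.100"`). The description also keeps a stray comma in `to view, information`, which could be fixed in the same pass.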