diff --git a/2008/0xxx/CVE-2008-0519.json b/2008/0xxx/CVE-2008-0519.json
index 2186533af72..51db1ae16fe 100644
--- a/2008/0xxx/CVE-2008-0519.json
+++ b/2008/0xxx/CVE-2008-0519.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5015", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5015" - }, - { - "name" : "27522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27522" - }, - { - "name" : "ADV-2008-0361", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0361" - }, - { - "name" : "jokes-index-sql-injection(40067)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 
component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5015", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5015" + }, + { + "name": "27522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27522" + }, + { + "name": "jokes-index-sql-injection(40067)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40067" + }, + { + "name": "ADV-2008-0361", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0361" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0524.json b/2008/0xxx/CVE-2008-0524.json index 9f94b89788d..b9840a96801 100644 --- a/2008/0xxx/CVE-2008-0524.json +++ b/2008/0xxx/CVE-2008-0524.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN88575577.html", - "refsource" : "CONFIRM", - "url" : "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN88575577.html" - }, - { - "name" : "JVN#88575577", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2388575577/index.html" - }, - { - "name" : "27491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27491" - }, - { - "name" : "28690", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28690" - }, - { - "name" : "yamaha-routers-http-csrf(40015)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40015" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN88575577.html", + "refsource": "CONFIRM", + "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN88575577.html" + }, + { + "name": "28690", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28690" + }, + { + "name": "27491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27491" + }, + { + "name": "yamaha-routers-http-csrf(40015)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40015" + }, + { + "name": "JVN#88575577", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2388575577/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0594.json b/2008/0xxx/CVE-2008-0594.json index 48e3ed07cdd..deeb5cc7211 100644 --- a/2008/0xxx/CVE-2008-0594.json +++ b/2008/0xxx/CVE-2008-0594.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080209 rPSA-2008-0051-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487826/100/0/threaded" - }, - { - "name" : "20080212 FLEA-2008-0001-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488002/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-11.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=408164", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=408164" - }, - { - "name" : 
"http://wiki.rpath.com/Advisories:rPSA-2008-0051", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051" - }, - { - "name" : "http://browser.netscape.com/releasenotes/", - "refsource" : "CONFIRM", - "url" : "http://browser.netscape.com/releasenotes/" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html" - }, - { - "name" : "DSA-1484", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1484" - }, - { - "name" : "DSA-1485", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1485" - }, - { - "name" : "DSA-1489", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1489" - }, - { - "name" : "DSA-1506", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1506" - }, - { - "name" : "FEDORA-2008-1435", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html" - }, - { - "name" : "FEDORA-2008-1535", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html" - }, - { - "name" : "GLSA-200805-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" - }, - { - "name" : "MDVSA-2008:048", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048" - }, - { - "name" : "238492", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" - }, - { - "name" : "SUSE-SA:2008:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html" - }, - { - "name" : "USN-576-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-576-1" - }, - { - "name" : "27683", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27683" - }, - { - "name" : "ADV-2008-0453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0453/references" - }, - { - "name" : "ADV-2008-0627", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0627/references" - }, - { - "name" : "ADV-2008-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1793/references" - }, - { - "name" : "1019342", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019342" - }, - { - "name" : "28864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28864" - }, - { - "name" : "28865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28865" - }, - { - "name" : "28877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28877" - }, - { - "name" : "28879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28879" - }, - { - "name" : "28924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28924" - }, - { - "name" : "28939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28939" - }, - { - "name" : "28958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28958" - }, - { - "name" : "29086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29086" - }, - { - "name" : "29567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29567" - }, - { - "name" : "30327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30327" - }, - { - "name" : "30620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the 
entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-576-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-576-1" + }, + { + "name": "http://browser.netscape.com/releasenotes/", + "refsource": "CONFIRM", + "url": "http://browser.netscape.com/releasenotes/" + }, + { + "name": "28939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28939" + }, + { + "name": "DSA-1506", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1506" + }, + { + "name": "30620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30620" + }, + { + "name": "28865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28865" + }, + { + "name": "ADV-2008-0453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0453/references" + }, + { + "name": "28877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28877" + }, + { + "name": "28879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28879" + }, + { + "name": "29567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29567" + }, + { + "name": "28958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28958" + }, + { + "name": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html" + }, + { + "name": "30327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30327" + }, + { + "name": "238492", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" + }, + { + "name": 
"DSA-1489", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1489" + }, + { + "name": "20080212 FLEA-2008-0001-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488002/100/0/threaded" + }, + { + "name": "20080209 rPSA-2008-0051-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487826/100/0/threaded" + }, + { + "name": "29086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29086" + }, + { + "name": "28864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28864" + }, + { + "name": "DSA-1485", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1485" + }, + { + "name": "28924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28924" + }, + { + "name": "27683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27683" + }, + { + "name": "ADV-2008-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1793/references" + }, + { + "name": "SUSE-SA:2008:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html" + }, + { + "name": "1019342", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019342" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-11.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-11.html" + }, + { + "name": "FEDORA-2008-1535", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0051", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0051" + }, + { + "name": "DSA-1484", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1484" + }, + { + "name": "ADV-2008-0627", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2008/0627/references" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=408164", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=408164" + }, + { + "name": "GLSA-200805-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" + }, + { + "name": "FEDORA-2008-1435", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html" + }, + { + "name": "MDVSA-2008:048", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0786.json b/2008/0xxx/CVE-2008-0786.json index ea389e48c71..46a0d9edf3b 100644 --- a/2008/0xxx/CVE-2008-0786.json +++ b/2008/0xxx/CVE-2008-0786.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080212 Cacti 0.8.7a Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488018/100/0/threaded" - }, - { - "name" : "20080212 cacti -- Multiple security vulnerabilities have been discovered", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488013/100/0/threaded" - }, - { - "name" : "http://www.cacti.net/release_notes_0_8_7b.php", - "refsource" : "CONFIRM", - "url" : "http://www.cacti.net/release_notes_0_8_7b.php" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=432758", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=432758" - }, - { - 
"name" : "FEDORA-2008-1699", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html" - }, - { - "name" : "FEDORA-2008-1737", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html" - }, - { - "name" : "GLSA-200803-18", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-18.xml" - }, - { - "name" : "MDVSA-2008:052", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:052" - }, - { - "name" : "SUSE-SR:2008:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" - }, - { - "name" : "27749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27749" - }, - { - "name" : "ADV-2008-0540", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0540" - }, - { - "name" : "1019414", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019414" - }, - { - "name" : "28872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28872" - }, - { - "name" : "28976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28976" - }, - { - "name" : "29242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29242" - }, - { - "name" : "29274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29274" - }, - { - "name" : "3657", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks 
via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2008-1737", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html" + }, + { + "name": "29242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29242" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=432758", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432758" + }, + { + "name": "3657", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3657" + }, + { + "name": "SUSE-SR:2008:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" + }, + { + "name": "GLSA-200803-18", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-18.xml" + }, + { + "name": "28872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28872" + }, + { + "name": "MDVSA-2008:052", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:052" + }, + { + "name": "http://www.cacti.net/release_notes_0_8_7b.php", + "refsource": "CONFIRM", + "url": "http://www.cacti.net/release_notes_0_8_7b.php" + }, + { + "name": "29274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29274" + }, + { + "name": "20080212 cacti -- Multiple security vulnerabilities have been discovered", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488013/100/0/threaded" + }, + { + "name": "ADV-2008-0540", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0540" + }, + { + "name": "27749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27749" + }, + { + "name": "28976", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/28976" + }, + { + "name": "FEDORA-2008-1699", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html" + }, + { + "name": "1019414", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019414" + }, + { + "name": "20080212 Cacti 0.8.7a Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488018/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1952.json b/2008/1xxx/CVE-2008-1952.json index f2ef4c1939d..f0007b9bd6e 100644 --- a/2008/1xxx/CVE-2008-1952.json +++ b/2008/1xxx/CVE-2008-1952.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-1952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-devel] 20080521 [PATCH] ioemu: Fix PVFB backend to limit frame buffer size", - "refsource" : "MLIST", - "url" : "http://lists.xensource.com/archives/html/xen-devel/2008-05/msg00421.html" - }, - { - "name" : "[oss-security] 20080521 New Xen ioemu: PVFB backend issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/05/21/9" - }, - { - "name" : "http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf7db096721", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf7db096721" - }, - { - "name" : "RHSA-2008:0892", - "refsource" : "REDHAT", - "url" : 
"https://rhn.redhat.com/errata/RHSA-2008-0892.html" - }, - { - "name" : "30646", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30646" - }, - { - "name" : "oval:org.mitre.oval:def:11189", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11189" - }, - { - "name" : "1020957", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020957" - }, - { - "name" : "32088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32088" - }, - { - "name" : "xen-pvfb-ioemu-dos(43362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32088" + }, + { + "name": "[oss-security] 20080521 New Xen ioemu: PVFB backend issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/05/21/9" + }, + { + "name": "http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf7db096721", + "refsource": "CONFIRM", + "url": "http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf7db096721" + }, + { + "name": "oval:org.mitre.oval:def:11189", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11189" + }, + { + "name": "1020957", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020957" + }, + { + "name": "[Xen-devel] 20080521 [PATCH] ioemu: Fix PVFB backend to limit frame buffer size", + "refsource": "MLIST", + "url": "http://lists.xensource.com/archives/html/xen-devel/2008-05/msg00421.html" + }, + { + "name": "xen-pvfb-ioemu-dos(43362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43362" + }, + { + "name": "RHSA-2008:0892", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2008-0892.html" + }, + { + "name": "30646", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30646" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1979.json b/2008/1xxx/CVE-2008-1979.json index 3b8574ff42c..4c483975476 100644 --- a/2008/1xxx/CVE-2008-1979.json +++ b/2008/1xxx/CVE-2008-1979.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080618 CA ARCserve Backup Discovery Service Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493430/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/carcbackazz-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/carcbackazz-adv.txt" - }, - { - "name" : "28927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28927" - }, - { - "name" : "ADV-2008-1354", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1354" - }, - { - "name" : "1020324", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1020324" - }, - { - "name" : "29855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29855" - }, - { - "name" : "ca-arcservebackup-casdscvc-dos(41869)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/carcbackazz-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/carcbackazz-adv.txt" + }, + { + "name": "20080618 CA ARCserve Backup Discovery Service Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493430/100/0/threaded" + }, + { + "name": "29855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29855" + }, + { + "name": "28927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28927" + }, + { + "name": "1020324", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020324" + }, + { + "name": "ADV-2008-1354", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1354" + }, + { + "name": "ca-arcservebackup-casdscvc-dos(41869)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41869" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/3xxx/CVE-2008-3684.json b/2008/3xxx/CVE-2008-3684.json
index 356feccf53d..8f69c3a0c85 100644
--- a/2008/3xxx/CVE-2008-3684.json
+++ b/2008/3xxx/CVE-2008-3684.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to execute arbitrary code via crafted packet data to TCP port 2606." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-096/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-096/" - }, - { - "name" : "37070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to execute arbitrary code via crafted packet data to TCP port 
2606." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-096/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-096/" + }, + { + "name": "37070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37070" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3879.json b/2008/3xxx/CVE-2008-3879.json index 7adf98ac775..7395f0a6b60 100644 --- a/2008/3xxx/CVE-2008-3879.json +++ b/2008/3xxx/CVE-2008-3879.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6319", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6319" - }, - { - "name" : "http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219827906.ff.php", - "refsource" : "MISC", - "url" : "http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219827906.ff.php" - }, - { - "name" : "http://www.shinnai.net/xplits/TXT_NPku7jFjRufaz85U6Lxn.html", - "refsource" : "MISC", - "url" : 
"http://www.shinnai.net/xplits/TXT_NPku7jFjRufaz85U6Lxn.html" - }, - { - "name" : "30863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30863" - }, - { - "name" : "31632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31632" - }, - { - "name" : "4201", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4201" - }, - { - "name" : "uoc-ultraofficecontrol-file-overwrite(44750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6319", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6319" + }, + { + "name": "4201", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4201" + }, + { + "name": "uoc-ultraofficecontrol-file-overwrite(44750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44750" + }, + { + "name": "31632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31632" + }, + { + "name": "http://www.shinnai.net/xplits/TXT_NPku7jFjRufaz85U6Lxn.html", + "refsource": "MISC", + "url": "http://www.shinnai.net/xplits/TXT_NPku7jFjRufaz85U6Lxn.html" + }, + { + "name": "http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219827906.ff.php", + "refsource": "MISC", + "url": "http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219827906.ff.php" + }, + { + "name": "30863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30863" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4052.json b/2008/4xxx/CVE-2008-4052.json index de2f97d1e74..75f23ff0fbf 100644 --- a/2008/4xxx/CVE-2008-4052.json +++ b/2008/4xxx/CVE-2008-4052.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[alerts] 20080820 VMS732_SMGRTL-V0100, ECO Kit Release", - "refsource" : "MLIST", - "url" : "http://mail.openvms.org:8100/Lists/alerts/Message/835.html" - }, - { - "name" : "[alerts] 20080820 VMS821I_SMGRTL-V0100, ECO Kit Release", - "refsource" : "MLIST", - "url" : "http://mail.openvms.org:8100/Lists/alerts/Message/837.html" - }, - { - "name" : "[alerts] 20080820 VMS82A_SMGRTL-V0100, ECO Kit Release", - "refsource" : "MLIST", - "url" : "http://mail.openvms.org:8100/Lists/alerts/Message/836.html" - }, - { - "name" : "[alerts] 20080820 VMS831H1I_SMGRTL-V0100, ECO Kit Release", - "refsource" : "MLIST", - "url" : "http://mail.openvms.org:8100/Lists/alerts/Message/832.html" - }, - { - 
"name" : "[alerts] 20080820 VMS83A_SMGRTL-V0100, ECO Kit Release", - "refsource" : "MLIST", - "url" : "http://mail.openvms.org:8100/Lists/alerts/Message/834.html" - }, - { - "name" : "[alerts] 20080820 VMS83I_SMGRTL-V0100, ECO Kit Release", - "refsource" : "MLIST", - "url" : "http://mail.openvms.org:8100/Lists/alerts/Message/833.html" - }, - { - "name" : "ADV-2008-2439", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2439" - }, - { - "name" : "31581", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31581" - }, - { - "name" : "openvms-smgshr-bo(44664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[alerts] 20080820 VMS821I_SMGRTL-V0100, ECO Kit Release", + "refsource": "MLIST", + "url": "http://mail.openvms.org:8100/Lists/alerts/Message/837.html" + }, + { + "name": "[alerts] 20080820 VMS83A_SMGRTL-V0100, ECO Kit Release", + "refsource": "MLIST", + "url": "http://mail.openvms.org:8100/Lists/alerts/Message/834.html" + }, + { + "name": "openvms-smgshr-bo(44664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44664" + }, + { + "name": "[alerts] 20080820 VMS732_SMGRTL-V0100, ECO Kit Release", + "refsource": "MLIST", + "url": "http://mail.openvms.org:8100/Lists/alerts/Message/835.html" + }, + { + "name": "ADV-2008-2439", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2439" + }, + { + "name": "[alerts] 20080820 VMS83I_SMGRTL-V0100, ECO Kit Release", + "refsource": "MLIST", + "url": "http://mail.openvms.org:8100/Lists/alerts/Message/833.html" + }, + { + "name": "[alerts] 20080820 VMS82A_SMGRTL-V0100, ECO Kit Release", + "refsource": "MLIST", + "url": "http://mail.openvms.org:8100/Lists/alerts/Message/836.html" + }, + { + "name": "31581", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31581" + }, + { + "name": "[alerts] 20080820 VMS831H1I_SMGRTL-V0100, ECO Kit Release", + "refsource": "MLIST", + "url": "http://mail.openvms.org:8100/Lists/alerts/Message/832.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4239.json b/2008/4xxx/CVE-2008-4239.json index 9041bb7f810..4528d3fce3b 100644 --- a/2008/4xxx/CVE-2008-4239.json +++ b/2008/4xxx/CVE-2008-4239.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4239", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4239", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4295.json b/2008/4xxx/CVE-2008-4295.json index b56b20ac499..35cc3f0f9d2 100644 --- a/2008/4xxx/CVE-2008-4295.json +++ b/2008/4xxx/CVE-2008-4295.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6582", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6582" - }, - { - "name" : "31420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31420" - }, - { - "name" : "32066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32066" - }, - { - "name" : "windowsmobile-bluetooth-dos(45463)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "windowsmobile-bluetooth-dos(45463)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463" + }, + { + "name": "32066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32066" + }, + { + "name": "31420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31420" + }, + { + "name": "6582", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6582" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4321.json b/2008/4xxx/CVE-2008-4321.json index 6d8a4a41a23..f2988a0de0c 100644 --- a/2008/4xxx/CVE-2008-4321.json +++ b/2008/4xxx/CVE-2008-4321.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6248", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6248" - }, - { - "name" : "6256", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6256" - }, - { - "name" : "30685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30685" - }, - { - "name" : "6240", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6240" - }, - { - "name" : "31481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31481" - }, - { - "name" : "4327", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4327" - }, - { - "name" : "ADV-2008-2381", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2381" - }, - { - "name" : 
"flashget-ftppwd-bo(44443)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6256", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6256" + }, + { + "name": "30685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30685" + }, + { + "name": "flashget-ftppwd-bo(44443)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44443" + }, + { + "name": "31481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31481" + }, + { + "name": "6240", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6240" + }, + { + "name": "4327", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4327" + }, + { + "name": "ADV-2008-2381", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2381" + }, + { + "name": "6248", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6248" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2293.json b/2013/2xxx/CVE-2013-2293.json index 0d33dfe1ebe..d5349636216 100644 --- a/2013/2xxx/CVE-2013-2293.json +++ b/2013/2xxx/CVE-2013-2293.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bitcointalk.org/?topic=144122", - "refsource" : "CONFIRM", - "url" : "https://bitcointalk.org/?topic=144122" - }, - { - "name" : "https://en.bitcoin.it/wiki/CVE-2013-2293", - "refsource" : "CONFIRM", - "url" : "https://en.bitcoin.it/wiki/CVE-2013-2293" - }, - { - "name" : "https://en.bitcoin.it/wiki/CVEs", - "refsource" : "CONFIRM", - "url" : "https://en.bitcoin.it/wiki/CVEs" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://en.bitcoin.it/wiki/CVE-2013-2293", + "refsource": "CONFIRM", + "url": "https://en.bitcoin.it/wiki/CVE-2013-2293" + }, + { + "name": "https://bitcointalk.org/?topic=144122", + "refsource": "CONFIRM", + "url": "https://bitcointalk.org/?topic=144122" + }, + { + "name": "https://en.bitcoin.it/wiki/CVEs", + "refsource": "CONFIRM", + "url": "https://en.bitcoin.it/wiki/CVEs" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2313.json b/2013/2xxx/CVE-2013-2313.json index 225e5c42702..05deacb72cc 100644 --- a/2013/2xxx/CVE-2013-2313.json +++ b/2013/2xxx/CVE-2013-2313.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-2313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.ec-cube.net/open_trac/changeset/22804", - "refsource" : "CONFIRM", - "url" : "http://svn.ec-cube.net/open_trac/changeset/22804" - }, - { - "name" : "http://svn.ec-cube.net/open_trac/changeset/22805", - "refsource" : "CONFIRM", - "url" : "http://svn.ec-cube.net/open_trac/changeset/22805" - }, - { - "name" : "http://www.ec-cube.net/info/weakness/weakness.php?id=40", - "refsource" : "CONFIRM", - "url" : "http://www.ec-cube.net/info/weakness/weakness.php?id=40" - }, - { - "name" : "JVN#00985872", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN00985872/index.html" - }, - { - "name" : "JVNDB-2013-000042", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2013-000042", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000042" + }, + { + "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=40", + "refsource": "CONFIRM", + "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40" + }, + { + "name": "http://svn.ec-cube.net/open_trac/changeset/22805", + "refsource": "CONFIRM", + "url": "http://svn.ec-cube.net/open_trac/changeset/22805" + }, + { + "name": "JVN#00985872", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN00985872/index.html" + }, + { + "name": "http://svn.ec-cube.net/open_trac/changeset/22804", + "refsource": "CONFIRM", + "url": "http://svn.ec-cube.net/open_trac/changeset/22804" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2382.json b/2013/2xxx/CVE-2013-2382.json index e18da6515d6..907d5d29e22 100644 --- a/2013/2xxx/CVE-2013-2382.json +++ b/2013/2xxx/CVE-2013-2382.json 
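Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `vultures@jpcert.or.jp` in this hunk, but the change sits inside a whole-file rewrite that also respaces every key and reorders `reference_data`, so it is easy to miss in review. The same applies to the CVE-2013-2382 hunk (`secalert_us@oracle.com`) and the CVE-2013-3137 hunk (`secure@microsoft.com`). `ASSIGNER` is the field that attributes the entry to its assigning organisation, and downstream consumers may key attribution or routing on it, so I would move these three changes into a commit separate from the formatting pass, or at least name them in the commit message. The new side also ends with `\ No newline at end of file`; keeping a trailing newline after the final `}` would avoid a spurious last-line change in later diffs.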
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3137.json b/2013/3xxx/CVE-2013-3137.json index 3a1d9988450..d3efe460f92 100644 --- a/2013/3xxx/CVE-2013-3137.json +++ b/2013/3xxx/CVE-2013-3137.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka \"XML Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-078", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka \"XML Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": 
"eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-078", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-078" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3217.json b/2013/3xxx/CVE-2013-3217.json index 40c100c1916..1f3f0c1b61e 100644 --- a/2013/3xxx/CVE-2013-3217.json +++ b/2013/3xxx/CVE-2013-3217.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3217", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3217", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3682.json b/2013/3xxx/CVE-2013-3682.json index 7e030eaaef3..680251a3aa7 100644 --- a/2013/3xxx/CVE-2013-3682.json +++ b/2013/3xxx/CVE-2013-3682.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3682", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3682", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3696.json b/2013/3xxx/CVE-2013-3696.json index 64be582d818..31a4c03b294 100644 --- a/2013/3xxx/CVE-2013-3696.json +++ b/2013/3xxx/CVE-2013-3696.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3696", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3696", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6107.json b/2013/6xxx/CVE-2013-6107.json index 020e03ad74f..56604190202 100644 --- a/2013/6xxx/CVE-2013-6107.json +++ b/2013/6xxx/CVE-2013-6107.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6107", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6107", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6260.json b/2013/6xxx/CVE-2013-6260.json index 4a382f1644b..8a38305c8cd 100644 --- a/2013/6xxx/CVE-2013-6260.json +++ b/2013/6xxx/CVE-2013-6260.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6260", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6260", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6277.json b/2013/6xxx/CVE-2013-6277.json index 51b8ef3648a..19a9fad4af9 100644 --- a/2013/6xxx/CVE-2013-6277.json +++ b/2013/6xxx/CVE-2013-6277.json 
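Review bot: The new side of the CVE-2013-6260 record orders its keys differently from every other record in this diff: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`. Key order carries no meaning in JSON, so no consumer should break, but it suggests this file went through a different writer than the rest. Emitting keys in one fixed order for all records (sorted, for example) would keep later diffs limited to the fields that actually changed, and would matter if records are ever hashed or signed without canonicalization.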
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6277", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6277", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6639.json b/2013/6xxx/CVE-2013-6639.json index ef9baae6edf..8f900d5a9ba 100644 --- a/2013/6xxx/CVE-2013-6639.json +++ b/2013/6xxx/CVE-2013-6639.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/v8/source/detail?r=17801", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/v8/source/detail?r=17801" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=319835", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=319835" - }, - { - "name" : "DSA-2811", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2811" - }, - { - "name" : "openSUSE-SU-2013:1927", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html" - }, - { - "name" : "openSUSE-SU-2013:1933", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html" - }, - { - "name" : "openSUSE-SU-2013:1960", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00122.html" - }, - { - "name" : "openSUSE-SU-2013:1962", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00124.html" - }, - { - "name" : "openSUSE-SU-2014:0092", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00063.html" - }, - { - "name" : "openSUSE-SU-2014:0065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" - }, - { - "name" : "1029442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029442" - }, - { - "name" : "56216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56216" - }, - { - "name" : "56217", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/v8/source/detail?r=17801", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/v8/source/detail?r=17801" + }, + { + "name": "56217", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56217" + }, + { + "name": "openSUSE-SU-2013:1962", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00124.html" + }, + { + "name": "openSUSE-SU-2014:0092", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00063.html" + }, + { + "name": "openSUSE-SU-2013:1960", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00122.html" + }, + { + "name": "openSUSE-SU-2014:0065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=319835", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=319835" + }, + { + "name": "openSUSE-SU-2013:1933", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html" + }, + { + "name": "DSA-2811", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2811" + }, + { + "name": "openSUSE-SU-2013:1927", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html" + }, + { + "name": "56216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56216" + }, + { + "name": "1029442", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id/1029442" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7097.json b/2013/7xxx/CVE-2013-7097.json index e97f6673065..4bca5498944 100644 --- a/2013/7xxx/CVE-2013-7097.json +++ b/2013/7xxx/CVE-2013-7097.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23190", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23190" - }, - { - "name" : "64255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64255" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23190", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23190" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7138.json b/2013/7xxx/CVE-2013-7138.json index 332e70d44e2..745b788706a 100644 --- a/2013/7xxx/CVE-2013-7138.json +++ b/2013/7xxx/CVE-2013-7138.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23191", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23191" - }, - { - "name" : "64717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64717" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23191", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23191" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7398.json b/2013/7xxx/CVE-2013-7398.json index 9b55da7fff1..152b283845e 100644 --- a/2013/7xxx/CVE-2013-7398.json +++ b/2013/7xxx/CVE-2013-7398.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140825 Re: CVE Request: Multiple issues in com.ning:async-http-client", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/08/26/1" - }, - { - "name" : "https://github.com/AsyncHttpClient/async-http-client/issues/197", - "refsource" : "CONFIRM", - "url" : "https://github.com/AsyncHttpClient/async-http-client/issues/197" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20" - }, - { - "name" : 
"RHSA-2015:1176", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1176.html" - }, - { - "name" : "RHSA-2015:1551", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1551.html" - }, - { - "name" : "RHSA-2015:0850", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0850.html" - }, - { - "name" : "RHSA-2015:0851", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0851.html" - }, - { - "name" : "69317", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69317", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69317" + }, + { + "name": "RHSA-2015:0850", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html" + }, + { + "name": "RHSA-2015:1176", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html" + }, + { + "name": "https://github.com/AsyncHttpClient/async-http-client/issues/197", + "refsource": "CONFIRM", + "url": "https://github.com/AsyncHttpClient/async-http-client/issues/197" + }, + { + "name": "RHSA-2015:0851", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20" + }, + { + "name": "[oss-security] 20140825 Re: CVE Request: Multiple issues in com.ning:async-http-client", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/08/26/1" + }, + { + "name": "RHSA-2015:1551", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1551.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10246.json b/2017/10xxx/CVE-2017-10246.json index 1f4d841c03e..b60306d2706 100644 --- a/2017/10xxx/CVE-2017-10246.json +++ b/2017/10xxx/CVE-2017-10246.json 
@@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application Object Library", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Object Library", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42340", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42340/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99625" - }, - { - "name" : "1038926", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99625" + }, + { + "name": "42340", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42340/" + }, + { + "name": "1038926", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038926" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10418.json b/2017/10xxx/CVE-2017-10418.json index a9086b4ab19..b4e576c7539 100644 --- a/2017/10xxx/CVE-2017-10418.json +++ b/2017/10xxx/CVE-2017-10418.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.56" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleSoft CDA). The supported version that is affected is 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.56" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101462" - }, - { - "name" : "1039598", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleSoft CDA). The supported version that is affected is 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101462" + }, + { + "name": "1039598", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039598" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10813.json b/2017/10xxx/CVE-2017-10813.json index 412364cc677..b1d75647fbd 100644 --- a/2017/10xxx/CVE-2017-10813.json +++ b/2017/10xxx/CVE-2017-10813.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2017-10813",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2017-10813",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.corega.jp/support/security/20170908_wlr300nm.htm",
- "refsource" : "MISC",
- "url" : "http://www.corega.jp/support/security/20170908_wlr300nm.htm"
- },
- {
- "name" : "JVN#00719891",
- "refsource" : "JVN",
- "url" : "https://jvn.jp/en/jp/JVN00719891/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.corega.jp/support/security/20170908_wlr300nm.htm",
+ "refsource": "MISC",
+ "url": "http://www.corega.jp/support/security/20170908_wlr300nm.htm"
+ },
+ {
+ "name": "JVN#00719891",
+ "refsource": "JVN",
+ "url": "https://jvn.jp/en/jp/JVN00719891/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10842.json b/2017/10xxx/CVE-2017-10842.json
index a1f762e15a6..283df43b81d 100644
--- a/2017/10xxx/CVE-2017-10842.json
+++ b/2017/10xxx/CVE-2017-10842.json
@@ -1,70 +1,70 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2017-10842",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "baserCMS",
- "version" : {
- "version_data" : [
- {
- "version_value" : "3.0.14 and earlier"
- },
- {
- "version_value" : "4.0.5 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "baserCMS Users Community"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "SQL Injection"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2017-10842",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "baserCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.0.14 and earlier"
+ },
+ {
+ "version_value": "4.0.5 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "baserCMS Users Community"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://basercms.net/security/JVN78151490",
- "refsource" : "MISC",
- "url" : "https://basercms.net/security/JVN78151490"
- },
- {
- "name" : "JVN#78151490",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN78151490/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://basercms.net/security/JVN78151490",
+ "refsource": "MISC",
+ "url": "https://basercms.net/security/JVN78151490"
+ },
+ {
+ "name": "JVN#78151490",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN78151490/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10977.json b/2017/10xxx/CVE-2017-10977.json
index ce4ab7d1277..99995d2d532 100644
--- a/2017/10xxx/CVE-2017-10977.json
+++ b/2017/10xxx/CVE-2017-10977.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10977",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10977",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14294.json b/2017/14xxx/CVE-2017-14294.json
index 9e382eb99a7..487ade1e636 100644
--- a/2017/14xxx/CVE-2017-14294.json
+++ b/2017/14xxx/CVE-2017-14294.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14294",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14294",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14294",
- "refsource" : "MISC",
- "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14294"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14294",
+ "refsource": "MISC",
+ "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14294"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14660.json b/2017/14xxx/CVE-2017-14660.json
index 15aa33a3efa..a7173015f83 100644
--- a/2017/14xxx/CVE-2017-14660.json
+++ b/2017/14xxx/CVE-2017-14660.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14660",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-14660",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14865.json b/2017/14xxx/CVE-2017-14865.json
index 8ede4cfae9b..85d149fe687 100644
--- a/2017/14xxx/CVE-2017-14865.json
+++ b/2017/14xxx/CVE-2017-14865.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14865",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14865",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494778",
- "refsource" : "MISC",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494778"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1494778",
+ "refsource": "MISC",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494778"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17301.json b/2017/17xxx/CVE-2017-17301.json
index 3dd815a282d..f718a816cb5 100644
--- a/2017/17xxx/CVE-2017-17301.json
+++ b/2017/17xxx/CVE-2017-17301.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@huawei.com",
- "ID" : "CVE-2017-17301",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "AR120-S,AR1200,AR1200-S,AR150,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800,DP300,SMC2.0,SRG1300,SRG2300,SRG3300,TE30,TE60,VP9660,ViewPoint 8660,eSpace IAD,eSpace U1981,eSpace USM",
- "version" : {
- "version_data" : [
- {
- "version_value" : "AR120-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300V500R002C00, SMC2.0V100R003C10, V100R005C00, V500R002C00, SRG1300V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30V100R001C10, TE60V100R003C00, V500R002C00, VP9660V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660V100R008C02, V100R008C03, eSpace IADV300R002C01, eSpace U1981V200R003C20, V200R003C30, eSpace USMV100R001C01, V300R001C00"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Huawei Technologies Co., Ltd."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30 V100R001C10, TE60 V100R003C00, V500R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660 V100R008C02, V100R008C03, eSpace IAD V300R002C01, eSpace U1981 V200R003C20, V200R003C30, eSpace USM V100R001C01, V300R001C00 have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain permissions configured for the specific user name."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "weak cryptography"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
+ "ID": "CVE-2017-17301",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AR120-S,AR1200,AR1200-S,AR150,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800,DP300,SMC2.0,SRG1300,SRG2300,SRG3300,TE30,TE60,VP9660,ViewPoint 8660,eSpace IAD,eSpace U1981,eSpace USM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "AR120-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300V500R002C00, SMC2.0V100R003C10, V100R005C00, V500R002C00, SRG1300V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30V100R001C10, TE60V100R003C00, V500R002C00, VP9660V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660V100R008C02, V100R008C03, eSpace IADV300R002C01, eSpace U1981V200R003C20, V200R003C30, eSpace USMV100R001C01, V300R001C00"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei Technologies Co., Ltd."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171222-01-cryptography-en",
- "refsource" : "CONFIRM",
- "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171222-01-cryptography-en"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30 V100R001C10, TE60 V100R003C00, V500R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660 V100R008C02, V100R008C03, eSpace IAD V300R002C01, eSpace U1981 V200R003C20, V200R003C30, eSpace USM V100R001C01, V300R001C00 have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain permissions configured for the specific user name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "weak cryptography"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171222-01-cryptography-en",
+ "refsource": "CONFIRM",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171222-01-cryptography-en"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17336.json b/2017/17xxx/CVE-2017-17336.json
index b69d3fcd3f8..f609280c243 100644
--- a/2017/17xxx/CVE-2017-17336.json
+++ b/2017/17xxx/CVE-2017-17336.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17336",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17336",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17661.json b/2017/17xxx/CVE-2017-17661.json
index 57267e09f6e..59209037519 100644
--- a/2017/17xxx/CVE-2017-17661.json
+++ b/2017/17xxx/CVE-2017-17661.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17661",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17661",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17768.json b/2017/17xxx/CVE-2017-17768.json
index df5e817f0d1..6258a3bc741 100644
--- a/2017/17xxx/CVE-2017-17768.json
+++ b/2017/17xxx/CVE-2017-17768.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17768",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17768",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9349.json b/2017/9xxx/CVE-2017-9349.json
index b5e9b8dbbab..802470a24d5 100644
--- a/2017/9xxx/CVE-2017-9349.json
+++ b/2017/9xxx/CVE-2017-9349.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9349",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9349",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1329",
- "refsource" : "MISC",
- "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1329"
- },
- {
- "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685",
- "refsource" : "MISC",
- "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685"
- },
- {
- "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cb1b6494c44c9e939d9e2554de6b812de395e3f9",
- "refsource" : "MISC",
- "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cb1b6494c44c9e939d9e2554de6b812de395e3f9"
- },
- {
- "name" : "https://www.wireshark.org/security/wnpa-sec-2017-27.html",
- "refsource" : "MISC",
- "url" : "https://www.wireshark.org/security/wnpa-sec-2017-27.html"
- },
- {
- "name" : "98803",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98803"
- },
- {
- "name" : "1038612",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038612"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cb1b6494c44c9e939d9e2554de6b812de395e3f9",
+ "refsource": "MISC",
+ "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cb1b6494c44c9e939d9e2554de6b812de395e3f9"
+ },
+ {
+ "name": "https://www.wireshark.org/security/wnpa-sec-2017-27.html",
+ "refsource": "MISC",
+ "url": "https://www.wireshark.org/security/wnpa-sec-2017-27.html"
+ },
+ {
+ "name": "98803",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98803"
+ },
+ {
+ "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1329",
+ "refsource": "MISC",
+ "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1329"
+ },
+ {
+ "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685",
+ "refsource": "MISC",
+ "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685"
+ },
+ {
+ "name": "1038612",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038612"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9987.json b/2017/9xxx/CVE-2017-9987.json
index 3f442b81fcc..0cd49730747 100644
--- a/2017/9xxx/CVE-2017-9987.json
+++ b/2017/9xxx/CVE-2017-9987.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1067", - "refsource" : "MISC", - "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.libav.org/show_bug.cgi?id=1067", + "refsource": "MISC", + "url": "https://bugzilla.libav.org/show_bug.cgi?id=1067" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0257.json b/2018/0xxx/CVE-2018-0257.json index fb2c36ce174..522eb9daa37 100644 --- a/2018/0xxx/CVE-2018-0257.json +++ b/2018/0xxx/CVE-2018-0257.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco cBR Series Converged Broadband Routers", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco cBR Series Converged Broadband Routers" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect handling of certain DHCP packets. An attacker could exploit this vulnerability by sending certain DHCP packets to a specific segment of an affected device. A successful exploit could allow the attacker to increase CPU usage on the affected device and cause a DoS condition. Cisco Bug IDs: CSCvg73687." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco cBR Series Converged Broadband Routers", + "version": { + "version_data": [ + { + "version_value": "Cisco cBR Series Converged Broadband Routers" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8" - }, - { - "name" : "103948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103948" - }, - { - "name" : "1040716", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect handling of certain DHCP packets. An attacker could exploit this vulnerability by sending certain DHCP packets to a specific segment of an affected device. A successful exploit could allow the attacker to increase CPU usage on the affected device and cause a DoS condition. Cisco Bug IDs: CSCvg73687." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040716", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040716" + }, + { + "name": "103948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103948" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0296.json b/2018/0xxx/CVE-2018-0296.json index 32d2cca5fec..a4c59bd0e6a 100644 --- a/2018/0xxx/CVE-2018-0296.json +++ b/2018/0xxx/CVE-2018-0296.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Adaptive Security Appliance unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Adaptive Security Appliance unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). 
Cisco Bug IDs: CSCvi16029." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Adaptive Security Appliance unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Adaptive Security Appliance unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44956", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44956/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01" - }, - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd" - }, - { - "name" : "104612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104612" - }, - { - "name" : "1041076", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. 
The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104612" + }, + { + "name": "44956", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44956/" + }, + { + "name": "1041076", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041076" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/0xxx/CVE-2018-0637.json b/2018/0xxx/CVE-2018-0637.json index c5e3700498a..160ff0828b1 100644 --- a/2018/0xxx/CVE-2018-0637.json +++ b/2018/0xxx/CVE-2018-0637.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HC100RC", - "version" : { - "version_data" : [ - { - "version_value" : "Ver1.0.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "NEC Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HC100RC", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html", - "refsource" : "MISC", - "url" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html" - }, - { - "name" : "JVN#84825660", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN84825660/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#84825660", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN84825660/index.html" + }, + { + "name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html", + "refsource": "MISC", + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0991.json b/2018/0xxx/CVE-2018-0991.json index 3993422d6ae..8568a90b1c4 100644 --- a/2018/0xxx/CVE-2018-0991.json +++ b/2018/0xxx/CVE-2018-0991.json 
@@ -1,133 +1,133 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-0991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1511 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1511 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Internet Explorer 
improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1511 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1511 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + 
"version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0991", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0991" - }, - { - "name" : "103614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103614" - }, - { - "name" : "1040653", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103614" + }, + { + "name": "1040653", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040653" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0991", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0991" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000079.json b/2018/1000xxx/CVE-2018-1000079.json index 8302b483b01..4b01d89a3a3 100644 --- a/2018/1000xxx/CVE-2018-1000079.json +++ b/2018/1000xxx/CVE-2018-1000079.json 
@@ -1,109 +1,109 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/18/2018 8:11:09", - "ID" : "CVE-2018-1000079", - "REQUESTER" : "craig.ingram@salesforce.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RubyGems", - "version" : { - "version_data" : [ - { - "version_value" : "Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422" - } - ] - } - } - ] - }, - "vendor_name" : "RubyGems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/18/2018 8:11:09", + "ID": "CVE-2018-1000079", + "REQUESTER": "craig.ingram@salesforce.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" - }, - { - "name" : "http://blog.rubygems.org/2018/02/15/2.7.6-released.html", - "refsource" : "MISC", - "url" : "http://blog.rubygems.org/2018/02/15/2.7.6-released.html" - }, - { - "name" : "https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099", - "refsource" : "MISC", - "url" : "https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099" - }, - { - "name" : "https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759", - "refsource" : "MISC", - "url" : "https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759" - }, - { - "name" : "DSA-4219", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4219" - }, - { - "name" : "DSA-4259", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4259" - }, - { - "name" : "RHSA-2018:3729", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3729" - }, - { - "name" : "RHSA-2018:3730", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3730" - }, - { - "name" : "RHSA-2018:3731", - "refsource" : "REDHAT", - 
"url" : "https://access.redhat.com/errata/RHSA-2018:3731" - }, - { - "name" : "USN-3621-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3621-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4219", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4219" + }, + { + "name": "USN-3621-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3621-1/" + }, + { + "name": "RHSA-2018:3729", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3729" + }, + { + "name": "https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099", + "refsource": "MISC", + "url": "https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099" + }, + { + "name": "RHSA-2018:3730", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3730" + }, + { + "name": "RHSA-2018:3731", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3731" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", + "refsource": "MLIST", + "url": 
"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" + }, + { + "name": "DSA-4259", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4259" + }, + { + "name": "https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759", + "refsource": "MISC", + "url": "https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759" + }, + { + "name": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html", + "refsource": "MISC", + "url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000209.json b/2018/1000xxx/CVE-2018-1000209.json index cbf62c4565c..3efff77a289 100644 --- a/2018/1000xxx/CVE-2018-1000209.json +++ b/2018/1000xxx/CVE-2018-1000209.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-10T20:50:24.884609", - "DATE_REQUESTED" : "2018-07-09T23:35:29", - "ID" : "CVE-2018-1000209", - "REQUESTER" : "engineering@sensu.io", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sensu Core", - "version" : { - "version_data" : [ - { - "version_value" : "Before version 1.4.2-3" - } - ] - } - } - ] - }, - "vendor_name" : "Sensu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\\opt\\sensu\\embedded\\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Permissions" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-10T20:50:24.884609", + "DATE_REQUESTED": "2018-07-09T23:35:29", + "ID": "CVE-2018-1000209", + "REQUESTER": "engineering@sensu.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.sensu.io/sensu-core/1.4/changelog/#core-v1-4-2", - "refsource" : "CONFIRM", - "url" : "https://docs.sensu.io/sensu-core/1.4/changelog/#core-v1-4-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\\opt\\sensu\\embedded\\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.sensu.io/sensu-core/1.4/changelog/#core-v1-4-2", + "refsource": "CONFIRM", + "url": "https://docs.sensu.io/sensu-core/1.4/changelog/#core-v1-4-2" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/19xxx/CVE-2018-19444.json b/2018/19xxx/CVE-2018-19444.json index 765f93d220b..9c8552914a5 100644 --- a/2018/19xxx/CVE-2018-19444.json +++ b/2018/19xxx/CVE-2018-19444.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19444", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19444", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19519.json b/2018/19xxx/CVE-2018-19519.json index e682b7e15bd..00b29d7fffe 100644 --- a/2018/19xxx/CVE-2018-19519.json +++ b/2018/19xxx/CVE-2018-19519.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19519",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19519",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/zyingp/temp/blob/master/tcpdump.md",
- "refsource" : "MISC",
- "url" : "https://github.com/zyingp/temp/blob/master/tcpdump.md"
- },
- {
- "name" : "106098",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106098"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106098",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106098"
+ },
+ {
+ "name": "https://github.com/zyingp/temp/blob/master/tcpdump.md",
+ "refsource": "MISC",
+ "url": "https://github.com/zyingp/temp/blob/master/tcpdump.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19585.json b/2018/19xxx/CVE-2018-19585.json
index 00793b60250..ce591eb0784 100644
--- a/2018/19xxx/CVE-2018-19585.json
+++ b/2018/19xxx/CVE-2018-19585.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19585",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19585",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19678.json b/2018/19xxx/CVE-2018-19678.json
index db78a37794e..dd6f804010c 100644
--- a/2018/19xxx/CVE-2018-19678.json
+++ b/2018/19xxx/CVE-2018-19678.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19678",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19678",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1523.json b/2018/1xxx/CVE-2018-1523.json
index cef99706ad8..332508d01a8 100644
--- a/2018/1xxx/CVE-2018-1523.json
+++ b/2018/1xxx/CVE-2018-1523.json
@@ -1,112 +1,112 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2018-07-06T00:00:00",
- "ID" : "CVE-2018-1523",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Rational Quality Manager",
- "version" : {
- "version_data" : [
- {
- "version_value" : "5.0"
- },
- {
- "version_value" : "5.0.1"
- },
- {
- "version_value" : "5.0.2"
- },
- {
- "version_value" : "6.0"
- },
- {
- "version_value" : "6.0.1"
- },
- {
- "version_value" : "6.0.2"
- },
- {
- "version_value" : "6.0.3"
- },
- {
- "version_value" : "6.0.4"
- },
- {
- "version_value" : "6.0.5"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "IBM"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141804."
- }
- ]
- },
- "impact" : {
- "cvssv3" : {
- "BM" : {
- "A" : "N",
- "AC" : "L",
- "AV" : "N",
- "C" : "L",
- "I" : "L",
- "PR" : "L",
- "S" : "C",
- "SCORE" : "5.400",
- "UI" : "R"
- },
- "TM" : {
- "E" : "U",
- "RC" : "C",
- "RL" : "O"
- }
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Cross-Site Scripting"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2018-07-06T00:00:00",
+ "ID": "CVE-2018-1523",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Rational Quality Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.0"
+ },
+ {
+ "version_value": "5.0.1"
+ },
+ {
+ "version_value": "5.0.2"
+ },
+ {
+ "version_value": "6.0"
+ },
+ {
+ "version_value": "6.0.1"
+ },
+ {
+ "version_value": "6.0.2"
+ },
+ {
+ "version_value": "6.0.3"
+ },
+ {
+ "version_value": "6.0.4"
+ },
+ {
+ "version_value": "6.0.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716607",
- "refsource" : "CONFIRM",
- "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716607"
- },
- {
- "name" : "ibm-rqm-cve20181523-xss(141804)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141804"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141804."
+ }
+ ]
+ },
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "A": "N",
+ "AC": "L",
+ "AV": "N",
+ "C": "L",
+ "I": "L",
+ "PR": "L",
+ "S": "C",
+ "SCORE": "5.400",
+ "UI": "R"
+ },
+ "TM": {
+ "E": "U",
+ "RC": "C",
+ "RL": "O"
+ }
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ibm-rqm-cve20181523-xss(141804)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141804"
+ },
+ {
+ "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716607",
+ "refsource": "CONFIRM",
+ "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716607"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4037.json b/2018/4xxx/CVE-2018-4037.json
index 93983a67724..b013cd5c798 100644
--- a/2018/4xxx/CVE-2018-4037.json
+++ b/2018/4xxx/CVE-2018-4037.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "talos-cna@cisco.com",
- "ID" : "CVE-2018-4037",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Clean My Mac",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Clean My Mac X 4.04"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Improper Input Validation"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "talos-cna@cisco.com",
+ "ID": "CVE-2018-4037",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Clean My Mac",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Clean My Mac X 4.04"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0710",
- "refsource" : "MISC",
- "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0710"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0710",
+ "refsource": "MISC",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0710"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4100.json b/2018/4xxx/CVE-2018-4100.json
index 575523adf17..6b8afca2f1d 100644
--- a/2018/4xxx/CVE-2018-4100.json
+++ b/2018/4xxx/CVE-2018-4100.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2018-4100",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the \"LinkPresentation\" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2018-4100",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT208463",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208463"
- },
- {
- "name" : "https://support.apple.com/HT208464",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208464"
- },
- {
- "name" : "https://support.apple.com/HT208465",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208465"
- },
- {
- "name" : "102772",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102772"
- },
- {
- "name" : "1040265",
- "refsource" : "SECTRACK",
- "url" :
"http://www.securitytracker.com/id/1040265"
- },
- {
- "name" : "1040267",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040267"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the \"LinkPresentation\" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.apple.com/HT208465",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208465"
+ },
+ {
+ "name": "1040265",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040265"
+ },
+ {
+ "name": "102772",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102772"
+ },
+ {
+ "name": "https://support.apple.com/HT208464",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208464"
+ },
+ {
+ "name": "1040267",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040267"
+ },
+ {
+ "name": "https://support.apple.com/HT208463",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208463"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4487.json b/2018/4xxx/CVE-2018-4487.json
index 40110ef9f55..642b4cbfd8a 100644
--- a/2018/4xxx/CVE-2018-4487.json
+++ b/2018/4xxx/CVE-2018-4487.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4487",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4487",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4605.json b/2018/4xxx/CVE-2018-4605.json
index b5c74927b94..021d436bf3e 100644
--- a/2018/4xxx/CVE-2018-4605.json
+++ b/2018/4xxx/CVE-2018-4605.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4605",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4605",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file