From 584121c3fbe60c4711dc7bfea435e0f3481a732b Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 06:01:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0398.json | 150 ++++++------- 2008/0xxx/CVE-2008-0976.json | 180 +++++++-------- 2008/1xxx/CVE-2008-1041.json | 140 ++++++------ 2008/1xxx/CVE-2008-1172.json | 140 ++++++------ 2008/1xxx/CVE-2008-1206.json | 170 +++++++-------- 2008/1xxx/CVE-2008-1438.json | 200 ++++++++--------- 2008/1xxx/CVE-2008-1525.json | 140 ++++++------ 2008/3xxx/CVE-2008-3371.json | 200 ++++++++--------- 2008/3xxx/CVE-2008-3411.json | 160 +++++++------- 2008/3xxx/CVE-2008-3862.json | 200 ++++++++--------- 2008/4xxx/CVE-2008-4088.json | 170 +++++++-------- 2008/4xxx/CVE-2008-4099.json | 150 ++++++------- 2008/4xxx/CVE-2008-4188.json | 150 ++++++------- 2008/4xxx/CVE-2008-4195.json | 270 +++++++++++------------ 2008/4xxx/CVE-2008-4352.json | 140 ++++++------ 2008/4xxx/CVE-2008-4957.json | 160 +++++++------- 2013/2xxx/CVE-2013-2161.json | 160 +++++++------- 2013/2xxx/CVE-2013-2197.json | 150 ++++++------- 2013/2xxx/CVE-2013-2884.json | 160 +++++++------- 2013/2xxx/CVE-2013-2929.json | 340 ++++++++++++++--------------- 2013/3xxx/CVE-2013-3044.json | 130 +++++------ 2013/3xxx/CVE-2013-3278.json | 120 +++++----- 2013/3xxx/CVE-2013-3835.json | 120 +++++----- 2013/6xxx/CVE-2013-6131.json | 34 +-- 2013/6xxx/CVE-2013-6545.json | 34 +-- 2013/6xxx/CVE-2013-6600.json | 34 +-- 2013/6xxx/CVE-2013-6835.json | 170 +++++++-------- 2013/6xxx/CVE-2013-6976.json | 160 +++++++------- 2013/7xxx/CVE-2013-7053.json | 34 +-- 2013/7xxx/CVE-2013-7349.json | 180 +++++++-------- 2017/10xxx/CVE-2017-10007.json | 166 +++++++------- 2017/10xxx/CVE-2017-10192.json | 190 ++++++++-------- 2017/10xxx/CVE-2017-10786.json | 34 +-- 2017/10xxx/CVE-2017-10914.json | 170 +++++++-------- 2017/10xxx/CVE-2017-10985.json | 150 ++++++------- 2017/14xxx/CVE-2017-14631.json | 120 +++++----- 2017/17xxx/CVE-2017-17045.json | 190 ++++++++-------- 2017/17xxx/CVE-2017-17071.json | 34 +-- 2017/17xxx/CVE-2017-17645.json | 130 
+++++------ 2017/9xxx/CVE-2017-9097.json | 140 ++++++------ 2017/9xxx/CVE-2017-9391.json | 34 +-- 2017/9xxx/CVE-2017-9425.json | 140 ++++++------ 2017/9xxx/CVE-2017-9696.json | 122 +++++------ 2017/9xxx/CVE-2017-9698.json | 122 +++++------ 2017/9xxx/CVE-2017-9705.json | 122 +++++------ 2018/0xxx/CVE-2018-0286.json | 140 ++++++------ 2018/0xxx/CVE-2018-0440.json | 164 +++++++------- 2018/0xxx/CVE-2018-0474.json | 178 +++++++-------- 2018/0xxx/CVE-2018-0578.json | 130 +++++------ 2018/1000xxx/CVE-2018-1000524.json | 136 ++++++------ 2018/1000xxx/CVE-2018-1000635.json | 136 ++++++------ 2018/1000xxx/CVE-2018-1000812.json | 146 ++++++------- 2018/19xxx/CVE-2018-19104.json | 120 +++++----- 2018/19xxx/CVE-2018-19316.json | 34 +-- 2018/19xxx/CVE-2018-19723.json | 130 +++++------ 2018/19xxx/CVE-2018-19825.json | 34 +-- 2018/19xxx/CVE-2018-19973.json | 34 +-- 2018/1xxx/CVE-2018-1393.json | 182 +++++++-------- 2018/1xxx/CVE-2018-1783.json | 130 +++++------ 2018/1xxx/CVE-2018-1793.json | 200 ++++++++--------- 2018/4xxx/CVE-2018-4145.json | 34 +-- 2018/4xxx/CVE-2018-4455.json | 34 +-- 2018/4xxx/CVE-2018-4864.json | 34 +-- 63 files changed, 4203 insertions(+), 4203 deletions(-)
diff --git a/2008/0xxx/CVE-2008-0398.json b/2008/0xxx/CVE-2008-0398.json
index cd72ed4efb3..1f6eca3a046 100644
--- a/2008/0xxx/CVE-2008-0398.json
+++ b/2008/0xxx/CVE-2008-0398.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4958", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4958" - }, - { - "name" : "27398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27398" - }, - { - "name" : "ADV-2008-0255", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0255" - }, - { - "name" : "28594", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the 
comment form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0255", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0255" + }, + { + "name": "28594", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28594" + }, + { + "name": "4958", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4958" + }, + { + "name": "27398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27398" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0976.json b/2008/0xxx/CVE-2008-0976.json index e6ef27eed3e..cbcac74e7c1 100644 --- a/2008/0xxx/CVE-2008-0976.json +++ b/2008/0xxx/CVE-2008-0976.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080222 Multiple vulnerabilities in Double-Take 5.0.0.2865", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488632/100/0/threaded" - }, - { - "name" : "http://aluigi.org/poc/doubletakedown.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/doubletakedown.zip" - }, - { - "name" : "http://aluigi.altervista.org/adv/doubletakedown-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/doubletakedown-adv.txt" - }, - { - "name" : "27951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27951" - }, - { - "name" : "ADV-2008-0666", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0666" - }, - { - "name" : "29075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29075" - }, - { - "name" : "3698", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0666", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0666" + }, + { + "name": "http://aluigi.altervista.org/adv/doubletakedown-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/doubletakedown-adv.txt" + }, + { + "name": "3698", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3698" + }, + { + "name": "27951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27951" + }, + { + "name": "http://aluigi.org/poc/doubletakedown.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/doubletakedown.zip" + }, + { + "name": "29075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29075" + }, + { + "name": "20080222 Multiple vulnerabilities in Double-Take 5.0.0.2865", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488632/100/0/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/1xxx/CVE-2008-1041.json b/2008/1xxx/CVE-2008-1041.json
index 1a9232e8bfd..9dece408a08 100644
--- a/2008/1xxx/CVE-2008-1041.json
+++ b/2008/1xxx/CVE-2008-1041.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.org/0802-exploits/mattswhois-xss.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0802-exploits/mattswhois-xss.txt" - }, - { - "name" : "27974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27974" - }, - { - "name" : "29093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.packetstormsecurity.org/0802-exploits/mattswhois-xss.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0802-exploits/mattswhois-xss.txt" + }, + { + "name": "27974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27974" + }, + { + "name": "29093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29093" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1172.json b/2008/1xxx/CVE-2008-1172.json index 3652f48704d..fb8615370c8 100644 --- a/2008/1xxx/CVE-2008-1172.json +++ b/2008/1xxx/CVE-2008-1172.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080303 Cross-site Scripting and CSRF in TorrentTrader Classic v1.08", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489039/100/0/threaded" - }, - { - "name" : "3713", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3713" - }, - { - "name" : "torrenttraderclassic-accountinbox-csrf(40981)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 
allow remote attackers to perform certain actions as other users, as demonstrated by sending messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080303 Cross-site Scripting and CSRF in TorrentTrader Classic v1.08", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489039/100/0/threaded" + }, + { + "name": "torrenttraderclassic-accountinbox-csrf(40981)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40981" + }, + { + "name": "3713", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3713" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1206.json b/2008/1xxx/CVE-2008-1206.json index d2fde1c5714..f350b12f7e6 100644 --- a/2008/1xxx/CVE-2008-1206.json +++ b/2008/1xxx/CVE-2008-1206.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the log_message function in lks.c in Linux Kiss Server 1.2, when background (daemon) mode is disabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in an invalid command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080305 Vulnerability in Linux Kiss Server v1.2", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=120468901813326&w=2" - }, - { - "name" : "http://www.vashnukad.com/", - "refsource" : "MISC", - "url" : "http://www.vashnukad.com/" - }, - { - "name" : "28099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28099" - }, - { - "name" : "ADV-2008-0785", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0785" - }, - { - "name" : "29219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29219" - }, - { - "name" : 
"linuxkissserver-logmessage-format-string(41018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the log_message function in lks.c in Linux Kiss Server 1.2, when background (daemon) mode is disabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in an invalid command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linuxkissserver-logmessage-format-string(41018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41018" + }, + { + "name": "28099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28099" + }, + { + "name": "http://www.vashnukad.com/", + "refsource": "MISC", + "url": "http://www.vashnukad.com/" + }, + { + "name": "ADV-2008-0785", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0785" + }, + { + "name": "29219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29219" + }, + { + "name": "20080305 Vulnerability in Linux Kiss Server v1.2", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=120468901813326&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1438.json b/2008/1xxx/CVE-2008-1438.json index ebee751eb4c..888b3b40825 100644 --- a/2008/1xxx/CVE-2008-1438.json +++ b/2008/1xxx/CVE-2008-1438.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with \"crafted data structures\" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-1438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02336", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2" - }, - { - "name" : "SSRT080071", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2" - }, - { - "name" : "MS08-029", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029" - }, - { - "name" : "TA08-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-134A.html" - }, - { - "name" : "29073", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/29073" - }, - { - "name" : "oval:org.mitre.oval:def:14375", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375" - }, - { - "name" : "ADV-2008-1506", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1506/references" - }, - { - "name" : "1020016", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020016" - }, - { - "name" : "30172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with \"crafted data structures\" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30172" + }, + { + "name": "29073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29073" + }, + { + "name": "1020016", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020016" + }, + { + "name": "oval:org.mitre.oval:def:14375", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375" + }, + { + "name": "ADV-2008-1506", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1506/references" + }, + { + "name": "SSRT080071", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2" + }, + { + "name": "TA08-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html" + }, + { + "name": "HPSBST02336", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2" + }, + { + "name": "MS08-029", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1525.json b/2008/1xxx/CVE-2008-1525.json index 279cff5661b..99fd99fab2f 100644 --- a/2008/1xxx/CVE-2008-1525.json +++ b/2008/1xxx/CVE-2008-1525.json 
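Review bot: The `ASSIGNER` value at the top of the CVE-2008-1438.json hunk changes from `cve@mitre.org` to `secure@microsoft.com`, and it is the only visible value change in a hunk that otherwise only re-indents, respaces `" : "` to `": "`, and reorders the same nine `reference_data` entries. A change of record ownership is provenance-relevant and easy to miss inside a 63-file formatting sync with the subject "-Synchronized-Data."; it would be easier to audit if the line `"ASSIGNER": "secure@microsoft.com",` landed in its own commit with a message naming the reassignment. The reference reordering also looks non-deterministic across the files in this patch (presumably serializer output order), so emitting `reference_data` in a stable order would keep future syncs from masking real edits. The new side also drops the final newline (`\ No newline at end of file`), which will add churn to the next diff if another tool restores it.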
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default SNMP configuration on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has a Trusted Host value of 0.0.0.0, which allows remote attackers to send SNMP requests from any source IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
default SNMP configuration on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has a Trusted Host value of 0.0.0.0, which allows remote attackers to send SNMP requests from any source IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + }, + { + "name": "http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf", + "refsource": "MISC", + "url": "http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3371.json b/2008/3xxx/CVE-2008-3371.json index 85af2bed410..82be805c618 100644 --- a/2008/3xxx/CVE-2008-3371.json +++ b/2008/3xxx/CVE-2008-3371.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6148", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6148" - }, - { - "name" : "6451", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6451" - }, - { - "name" : "9095", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/9095" - }, - { - "name" : "http://www.packetstormsecurity.org/0907-exploits/talkback-lfiexec.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0907-exploits/talkback-lfiexec.txt" - }, - { - "name" : "http://www.scripts.oldguy.us/talkback/release-notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.scripts.oldguy.us/talkback/release-notes.html" - 
}, - { - "name" : "30393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30393" - }, - { - "name" : "ADV-2008-2211", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2211/references" - }, - { - "name" : "4067", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4067" - }, - { - "name" : "talkback-help-file-include(44018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6451", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6451" + }, + { + "name": "ADV-2008-2211", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2211/references" + }, + { + "name": "9095", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/9095" + }, + { + "name": "talkback-help-file-include(44018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44018" + }, + { + "name": "http://www.packetstormsecurity.org/0907-exploits/talkback-lfiexec.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0907-exploits/talkback-lfiexec.txt" + }, + { + "name": "4067", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4067" + }, + { + "name": "6148", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6148" + }, + { 
+ "name": "30393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30393" + }, + { + "name": "http://www.scripts.oldguy.us/talkback/release-notes.html", + "refsource": "CONFIRM", + "url": "http://www.scripts.oldguy.us/talkback/release-notes.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3411.json b/2008/3xxx/CVE-2008-3411.json index 0a37312bda5..a207a30198b 100644 --- a/2008/3xxx/CVE-2008-3411.json +++ b/2008/3xxx/CVE-2008-3411.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080728 Security Bypass Vulnerabilities AXESSTEL", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494815/100/0/threaded" - }, - { - "name" : "30404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30404" - }, - { - "name" : "31285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31285" - }, - { - "name" : "4089", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4089" - }, - { - "name" : "axesstel-axwd800-multiple-auth-bypass(44044)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080728 Security Bypass Vulnerabilities AXESSTEL", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494815/100/0/threaded" + }, + { + "name": "4089", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4089" + }, + { + "name": "axesstel-axwd800-multiple-auth-bypass(44044)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44044" + }, + { + "name": "31285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31285" + }, + { + "name": "30404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30404" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3862.json b/2008/3xxx/CVE-2008-3862.json index 201b02bd196..18a0bdbe9b1 100644 --- a/2008/3xxx/CVE-2008-3862.json +++ b/2008/3xxx/CVE-2008-3862.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to \"parsing CGI requests.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-3862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081022 Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497650/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2008-40/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-40/" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt" - }, - { - "name" 
: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt" - }, - { - "name" : "31859", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31859" - }, - { - "name" : "ADV-2008-2892", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2892" - }, - { - "name" : "1021093", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021093" - }, - { - "name" : "32005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32005" - }, - { - "name" : "4489", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to \"parsing CGI requests.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt" + }, + { + "name": "32005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32005" + }, + { + "name": "4489", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4489" + }, + { + "name": "http://secunia.com/secunia_research/2008-40/", + 
"refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-40/" + }, + { + "name": "ADV-2008-2892", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2892" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt" + }, + { + "name": "1021093", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021093" + }, + { + "name": "31859", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31859" + }, + { + "name": "20081022 Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497650/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4088.json b/2008/4xxx/CVE-2008-4088.json index 8e4d4410f5a..53403f959a6 100644 --- a/2008/4xxx/CVE-2008-4088.json +++ b/2008/4xxx/CVE-2008-4088.json 
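Review bot: The `ASSIGNER` value in CVE-2008-3862.json changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com`, yet it is the only content change in a hunk that otherwise just rewrites `"key" : value` spacing and reorders `reference_data`, and the commit subject "-Synchronized-Data." does not mention it. The CVE-2008-4099.json hunk further down does the same, with `ASSIGNER` becoming `secalert@redhat.com`. Consumers that attribute or route records by assigner would presumably want this to be visible, so the reassignment should land in its own commit, or the commit description should list the reassigned IDs. The new side of each file also ends with `\ No newline at end of file`, so the trailing newline present in the old files is dropped; the export should keep it.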
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6338", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6338" - }, - { - "name" : "30942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30942" - }, - { - "name" : "31114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31114" - }, - { - "name" : "31112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31112" - }, - { - "name" : "4255", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4255" - }, - { - "name" : "myphpnuke-print-sql-injection(45084)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "myphpnuke-print-sql-injection(45084)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45084" + }, + { + "name": "31112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31112" + }, + { + "name": "4255", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4255" + }, + { + "name": "6338", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6338" + }, + { + "name": "31114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31114" + }, + { + "name": "30942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30942" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4099.json b/2008/4xxx/CVE-2008-4099.json index 6d1421379b6..9534c24f710 100644 --- a/2008/4xxx/CVE-2008-4099.json +++ b/2008/4xxx/CVE-2008-4099.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-4099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080911 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/11/1" - }, - { - "name" : "[oss-security] 20080915 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/16/4" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217" - }, - { - "name" : "http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog", - 
"refsource" : "CONFIRM", - "url" : "http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog", + "refsource": "CONFIRM", + "url": "http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog" + }, + { + "name": "[oss-security] 20080911 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/11/1" + }, + { + "name": "[oss-security] 20080915 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/16/4" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4188.json b/2008/4xxx/CVE-2008-4188.json index 823078286c6..1d8ed811f53 100644 --- a/2008/4xxx/CVE-2008-4188.json +++ b/2008/4xxx/CVE-2008-4188.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to \"injection of control characters.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/kw_secdir/1.0.2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/kw_secdir/1.0.2/" - }, - { - "name" : "31253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31253" - }, - { - "name" : "31897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31897" - }, - { - "name" : "kwsecdir-unspecified-code-execution(45260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to \"injection of control characters.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31253" + }, + { + "name": "31897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31897" + }, + { + "name": "kwsecdir-unspecified-code-execution(45260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45260" + }, + { + "name": "http://typo3.org/extensions/repository/view/kw_secdir/1.0.2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/kw_secdir/1.0.2/" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4195.json b/2008/4xxx/CVE-2008-4195.json index 76727da1d34..928cc2d76f1 100644 --- a/2008/4xxx/CVE-2008-4195.json +++ b/2008/4xxx/CVE-2008-4195.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080919 CVE request: Opera < 9.52 multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/19/2" - }, - { - "name" : "[oss-security] 20080923 Re: CVE request: Opera < 9.52 multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/24/4" - }, - { - "name" : "http://www.opera.com/docs/changelogs/freebsd/952/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/freebsd/952/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/linux/952/", - "refsource" : "CONFIRM", - "url" : 
"http://www.opera.com/docs/changelogs/linux/952/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/mac/952/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/952/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/solaris/952/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/solaris/952/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/952/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/952/" - }, - { - "name" : "http://www.opera.com/support/search/view/893/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/search/view/893/" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235298", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235298" - }, - { - "name" : "GLSA-200811-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200811-01.xml" - }, - { - "name" : "30768", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30768" - }, - { - "name" : "1020718", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020718" - }, - { - "name" : "32538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32538" - }, - { - "name" : "31549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31549" - }, - { - "name" : "ADV-2008-2416", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2416" - }, - { - "name" : "opera-frameaddress-spoofing(44549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote 
attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2416", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2416" + }, + { + "name": "opera-frameaddress-spoofing(44549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44549" + }, + { + "name": "32538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32538" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/952/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/952/" + }, + { + "name": "http://www.opera.com/docs/changelogs/solaris/952/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/solaris/952/" + }, + { + "name": "http://www.opera.com/support/search/view/893/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/search/view/893/" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235298", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235298" + }, + { + "name": "1020718", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020718" + }, + { + "name": "30768", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30768" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/952/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/952/" + }, + { + "name": "http://www.opera.com/docs/changelogs/linux/952/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/linux/952/" + }, + { + "name": "[oss-security] 20080923 Re: CVE request: Opera < 9.52 multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/24/4" + }, + { + "name": 
"[oss-security] 20080919 CVE request: Opera < 9.52 multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/19/2" + }, + { + "name": "31549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31549" + }, + { + "name": "http://www.opera.com/docs/changelogs/freebsd/952/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/freebsd/952/" + }, + { + "name": "GLSA-200811-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200811-01.xml" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4352.json b/2008/4xxx/CVE-2008-4352.json index 2da316facc4..c7c680af829 100644 --- a/2008/4xxx/CVE-2008-4352.json +++ b/2008/4xxx/CVE-2008-4352.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6452", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6452" - }, - { - "name" : "31167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31167" - }, - { - "name" : "phpsmartcom-index-sql-injection(45126)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6452", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6452" + }, + { + "name": "phpsmartcom-index-sql-injection(45126)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45126" + }, + { + "name": "31167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31167" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4957.json b/2008/4xxx/CVE-2008-4957.json index b58cf9ff775..a78befb7454 100644 --- a/2008/4xxx/CVE-2008-4957.json +++ b/2008/4xxx/CVE-2008-4957.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://bugs.debian.org/496391", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/496391" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/gccxml", - "refsource" : "MISC", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/gccxml" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "MISC", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "gccxml-findflags-symlink(46408)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46408" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/496391", + "refsource": "MISC", + "url": "http://bugs.debian.org/496391" + }, + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "MISC", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/gccxml", + "refsource": "MISC", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/gccxml" + }, + { + "name": "gccxml-findflags-symlink(46408)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46408" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2161.json b/2013/2xxx/CVE-2013-2161.json index 961140e821a..1fd471c4224 100644 --- a/2013/2xxx/CVE-2013-2161.json +++ b/2013/2xxx/CVE-2013-2161.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130613 [OSSA 2013-016] Unchecked user input in Swift XML responses (CVE-2013-2161)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/06/13/4" - }, - { - "name" : "https://bugs.launchpad.net/swift/+bug/1183884", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/swift/+bug/1183884" - }, - { - "name" : "DSA-2737", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2737" - }, - { - "name" : "RHSA-2013:0993", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0993.html" - }, - { - "name" : "openSUSE-SU-2013:1146", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2737", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2737" + }, + { + "name": "openSUSE-SU-2013:1146", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html" + }, + { + "name": "https://bugs.launchpad.net/swift/+bug/1183884", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/swift/+bug/1183884" + }, + { + "name": "RHSA-2013:0993", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0993.html" + }, + { + "name": "[oss-security] 20130613 [OSSA 2013-016] Unchecked user input in Swift XML responses (CVE-2013-2161)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/06/13/4" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2197.json b/2013/2xxx/CVE-2013-2197.json index 587b3561ffa..0e1ea92ef66 100644 --- a/2013/2xxx/CVE-2013-2197.json +++ b/2013/2xxx/CVE-2013-2197.json 
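Review bot: The one substantive change in this hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org`, is buried among 82 re-indented lines and is not mentioned in the commit subject ("-Synchronized-Data."). Consumers that use `ASSIGNER` for provenance or routing should treat it as a data change, not formatting; splitting the whitespace normalisation and the assigner update into separate commits would make that auditable. The hunks for CVE-2013-2197, CVE-2013-2884, CVE-2013-2929, CVE-2013-3044, CVE-2013-3278 and CVE-2013-3835 change `ASSIGNER` in the same way (to Red Hat, Google, IBM, EMC and Oracle addresses) while `vendor_name` stays `n/a`. Separately, the `DSA-2737` reference keeps a `/security/2012/` path although the other references in this record are dated 2013; it is carried over unchanged and may be worth checking against the Debian advisory index.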
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130620 Re: CVE request for Drupal contributed module", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/06/20/3" - }, - { - "name" : "https://drupal.org/node/2023585", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2023585" - }, - { - "name" : "https://drupal.org/node/2023503", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2023503" - }, - { - "name" : "https://drupal.org/node/2023507", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2023507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drupal.org/node/2023585", + "refsource": "MISC", + "url": "https://drupal.org/node/2023585" + }, + { + "name": "[oss-security] 20130620 Re: CVE request for Drupal contributed module", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/06/20/3" + }, + { + "name": "https://drupal.org/node/2023507", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2023507" + }, + { + "name": "https://drupal.org/node/2023503", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2023503" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2884.json b/2013/2xxx/CVE-2013-2884.json index 5879ad1c5cb..3e6425d3777 100644 --- a/2013/2xxx/CVE-2013-2884.json +++ b/2013/2xxx/CVE-2013-2884.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=248950", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=248950" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=152938&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=152938&view=revision" - }, - { - "name" : "DSA-2732", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2013/dsa-2732" - }, - { - "name" : "oval:org.mitre.oval:def:17597", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=248950", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=248950" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=152938&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=152938&view=revision" + }, + { + "name": "DSA-2732", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2732" + }, + { + "name": "oval:org.mitre.oval:def:17597", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17597" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2929.json b/2013/2xxx/CVE-2013-2929.json index cef1f8fbfb4..069d0c70db0 100644 --- a/2013/2xxx/CVE-2013-2929.json +++ b/2013/2xxx/CVE-2013-2929.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d049f74f2dbe71354d43d393ac3a188947811348", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d049f74f2dbe71354d43d393ac3a188947811348" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1028148", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1028148" - }, - { - "name" : "https://github.com/torvalds/linux/commit/d049f74f2dbe71354d43d393ac3a188947811348", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/d049f74f2dbe71354d43d393ac3a188947811348" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54" - }, - { - "name" : "RHSA-2014:0159", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0159.html" - }, - { - "name" : "RHSA-2014:0100", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0100.html" - }, - { - "name" : "RHSA-2014:0285", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0285.html" - }, - { - "name" : "RHSA-2018:1252", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1252" - }, - { - "name" : "SUSE-SU-2015:0481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0566", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" - }, - { - "name" : "USN-2070-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2070-1" - }, - { - "name" : "USN-2075-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2075-1" - }, - { - "name" : "USN-2109-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2109-1" - }, - { - "name" : "USN-2110-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2110-1" - }, - { - "name" : "USN-2111-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2111-1" - }, - { - "name" : "USN-2112-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2112-1" - }, - { - "name" : "USN-2114-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2114-1" - }, - { - "name" : "USN-2115-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2115-1" - }, - { - "name" : "USN-2116-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2116-1" - }, - { - "name" : "USN-2128-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2128-1" - }, - { - "name" : "USN-2129-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2129-1" - }, - { - "name" : "64111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0159", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0159.html" + }, + { + "name": "64111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64111" + }, + { + "name": "RHSA-2014:0285", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0285.html" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54" + }, + { + "name": "USN-2110-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2110-1" + }, + { + "name": "USN-2129-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2129-1" + }, + { + "name": "USN-2115-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2115-1" + }, + { + "name": "USN-2128-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2128-1" + }, + { + "name": "USN-2116-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2116-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d049f74f2dbe71354d43d393ac3a188947811348", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d049f74f2dbe71354d43d393ac3a188947811348" + }, + { + "name": "USN-2114-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2114-1" + }, + { + "name": "USN-2070-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2070-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1028148", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1028148" + }, + { + "name": "USN-2112-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-2112-1" + }, + { + "name": "SUSE-SU-2015:0481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + }, + { + "name": "openSUSE-SU-2015:0566", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + }, + { + "name": "USN-2109-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2109-1" + }, + { + "name": "RHSA-2018:1252", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1252" + }, + { + "name": "USN-2111-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2111-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.2" + }, + { + "name": "RHSA-2014:0100", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0100.html" + }, + { + "name": "USN-2075-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2075-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/d049f74f2dbe71354d43d393ac3a188947811348", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/d049f74f2dbe71354d43d393ac3a188947811348" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3044.json b/2013/3xxx/CVE-2013-3044.json index 99591cd061a..67f1f062aab 100644 --- a/2013/3xxx/CVE-2013-3044.json +++ b/2013/3xxx/CVE-2013-3044.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21654355", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21654355" - }, - { - "name" : "sametime-ems-cve20133044-spoof-anon(84815)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance 
privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21654355", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21654355" + }, + { + "name": "sametime-ems-cve20133044-spoof-anon(84815)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84815" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3278.json b/2013/3xxx/CVE-2013-3278.json index bcc51e40a59..a1f6f620277 100644 --- a/2013/3xxx/CVE-2013-3278.json +++ b/2013/3xxx/CVE-2013-3278.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-3278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130926 ESA-2013-060: EMC VPLEX Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0135.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130926 ESA-2013-060: EMC VPLEX Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0135.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3835.json b/2013/3xxx/CVE-2013-3835.json index da0bda3f1b8..dfc5cf2e07f 100644 --- a/2013/3xxx/CVE-2013-3835.json +++ b/2013/3xxx/CVE-2013-3835.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6131.json b/2013/6xxx/CVE-2013-6131.json index 8514e571fbf..1f6e78817dc 100644 --- a/2013/6xxx/CVE-2013-6131.json +++ b/2013/6xxx/CVE-2013-6131.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6131", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6131", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6545.json b/2013/6xxx/CVE-2013-6545.json index 712868d3265..5d553799d65 100644 --- a/2013/6xxx/CVE-2013-6545.json +++ b/2013/6xxx/CVE-2013-6545.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6545", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6545", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6600.json b/2013/6xxx/CVE-2013-6600.json index 9ca19e02445..fff27d5c96d 100644 --- a/2013/6xxx/CVE-2013-6600.json +++ b/2013/6xxx/CVE-2013-6600.json 
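Review bot: The new side of this REJECT record is serialized with a different key order from the other records in the same commit. Here `data_type`, `data_format` and `data_version` come first and `ID` precedes `ASSIGNER` inside `CVE_data_meta`, whereas the RESERVED record CVE-2013-6131 just above keeps `CVE_data_meta` first with `ASSIGNER` before `ID`. JSON key order carries no meaning, so parsers are unaffected, but it suggests two templates or serializers feed this sync, and anything that hashes, signs or byte-compares the raw files will see differences that are not data changes. Emitting all records through one serializer with a fixed key order, or canonicalizing (sorted keys, as in RFC 8785) before comparison, would avoid that. The hunk for CVE-2013-6600 has the same layout.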
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6600", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6600", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6835.json b/2013/6xxx/CVE-2013-6835.json index 9c80d041520..66a4ea45fb1 100644 --- a/2013/6xxx/CVE-2013-6835.json +++ b/2013/6xxx/CVE-2013-6835.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140310 [CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2014/Mar/63" - }, - { - "name" : "20140311 [CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Mar/92" - }, - { - "name" : "http://support.apple.com/kb/HT6162", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6162" - }, - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : 
"http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "66108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140310 [CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2014/Mar/63" + }, + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "66108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66108" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "http://support.apple.com/kb/HT6162", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6162" + }, + { + "name": "20140311 [CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Mar/92" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6976.json b/2013/6xxx/CVE-2013-6976.json index e6241a70c2e..292823fd7ef 100644 --- a/2013/6xxx/CVE-2013-6976.json +++ b/2013/6xxx/CVE-2013-6976.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30362", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30362/" - }, - { - "name" : "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/", - "refsource" : "MISC", - "url" : "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/" - }, - { - "name" : "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html" - }, - { - "name" : "64341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64341" - }, - { - "name" : "101097", - "refsource" : 
"OSVDB", - "url" : "http://osvdb.org/101097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64341" + }, + { + "name": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/", + "refsource": "MISC", + "url": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/" + }, + { + "name": "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html" + }, + { + "name": "30362", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30362/" + }, + { + "name": "101097", + "refsource": "OSVDB", + "url": "http://osvdb.org/101097" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7053.json b/2013/7xxx/CVE-2013-7053.json index 0b0cc02ded9..394a6b2459a 100644 --- a/2013/7xxx/CVE-2013-7053.json +++ b/2013/7xxx/CVE-2013-7053.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-7053",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-7053",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/7xxx/CVE-2013-7349.json b/2013/7xxx/CVE-2013-7349.json
index 6fe08ed632c..3fe98c6e863 100644
--- a/2013/7xxx/CVE-2013-7349.json
+++ b/2013/7xxx/CVE-2013-7349.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28684", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/28684" - }, - { - "name" : "http://packetstormsecurity.com/files/122771", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122771" - }, - { - "name" : "http://packetstormsecurity.com/files/123482", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123482" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5153.php", - "refsource" : "MISC", - "url" : 
"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5153.php" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23171", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23171" - }, - { - "name" : "https://www.netsparker.com/critical-xss-sql-injection-vulnerabilities-gnew/", - "refsource" : "MISC", - "url" : "https://www.netsparker.com/critical-xss-sql-injection-vulnerabilities-gnew/" - }, - { - "name" : "62817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netsparker.com/critical-xss-sql-injection-vulnerabilities-gnew/", + "refsource": "MISC", + "url": "https://www.netsparker.com/critical-xss-sql-injection-vulnerabilities-gnew/" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5153.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5153.php" + }, + { + "name": "http://packetstormsecurity.com/files/122771", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122771" + }, + { + "name": "http://packetstormsecurity.com/files/123482", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123482" + }, + { + "name": "28684", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/28684" + }, + { + "name": "62817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62817" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23171", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23171" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10007.json b/2017/10xxx/CVE-2017-10007.json index fa6af9752c3..d0bd09b1c64 100644 --- a/2017/10xxx/CVE-2017-10007.json +++ b/2017/10xxx/CVE-2017-10007.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Private Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.0.0" - }, - { - "version_affected" : "=", - "version_value" : "2.0.1" - }, - { - "version_affected" : "=", - "version_value" : "2.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Private Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + }, + { + "version_affected": "=", + "version_value": "2.2.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99812" - }, - { - "name" : "1038934", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038934", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038934" + }, + { + "name": "99812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99812" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10192.json b/2017/10xxx/CVE-2017-10192.json index 6344882a56c..eb934f7640d 100644 --- a/2017/10xxx/CVE-2017-10192.json +++ b/2017/10xxx/CVE-2017-10192.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iStore", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iStore", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99713" - }, - { - "name" : "1038926", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038926", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038926" + }, + { + "name": "99713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99713" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10786.json b/2017/10xxx/CVE-2017-10786.json index 67bb94c407c..6df28c082c3 100644 --- a/2017/10xxx/CVE-2017-10786.json +++ b/2017/10xxx/CVE-2017-10786.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10786",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10786",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10914.json b/2017/10xxx/CVE-2017-10914.json
index f3cb3ea5275..ca24bc5b383 100644
--- a/2017/10xxx/CVE-2017-10914.json
+++ b/2017/10xxx/CVE-2017-10914.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xenbits.xen.org/xsa/advisory-218.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-218.html" - }, - { - "name" : "DSA-3969", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3969" - }, - { - "name" : "GLSA-201708-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201708-03" - }, - { - "name" : "GLSA-201710-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-17" - }, - { - "name" : "99411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99411" - }, - { - "name" : "1038722", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1038722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038722", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038722" + }, + { + "name": "GLSA-201708-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201708-03" + }, + { + "name": "DSA-3969", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3969" + }, + { + "name": "99411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99411" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-218.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-218.html" + }, + { + "name": "GLSA-201710-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-17" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10985.json b/2017/10xxx/CVE-2017-10985.json index 3b9f1a0b737..7488477e003 100644 --- a/2017/10xxx/CVE-2017-10985.json +++ b/2017/10xxx/CVE-2017-10985.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with 'concat' attributes\" and a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freeradius.org/security/fuzzer-2017.html", - "refsource" : "CONFIRM", - "url" : "http://freeradius.org/security/fuzzer-2017.html" - }, - { - "name" : "DSA-3930", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3930" - }, - { - "name" : "RHSA-2017:2389", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2389" - }, - { - "name" : "99968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with 'concat' attributes\" and 
a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3930", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3930" + }, + { + "name": "RHSA-2017:2389", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2389" + }, + { + "name": "99968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99968" + }, + { + "name": "http://freeradius.org/security/fuzzer-2017.html", + "refsource": "CONFIRM", + "url": "http://freeradius.org/security/fuzzer-2017.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14631.json b/2017/14xxx/CVE-2017-14631.json index 8dc6214bff4..1c55a2ccf21 100644 --- a/2017/14xxx/CVE-2017-14631.json +++ b/2017/14xxx/CVE-2017-14631.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pts/sam2p/issues/14", - "refsource" : "MISC", - "url" : "https://github.com/pts/sam2p/issues/14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pts/sam2p/issues/14", + "refsource": "MISC", + "url": "https://github.com/pts/sam2p/issues/14" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/17xxx/CVE-2017-17045.json b/2017/17xxx/CVE-2017-17045.json index fddfe4811a0..2fb235a254f 100644 --- a/2017/17xxx/CVE-2017-17045.json +++ b/2017/17xxx/CVE-2017-17045.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180105 [SECURITY] [DLA 1230-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html" - }, - { - "name" : "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html" - }, - { - "name" : "https://xenbits.xen.org/xsa/advisory-247.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-247.html" - }, - { - "name" : "https://support.citrix.com/article/CTX230138", - "refsource" : "CONFIRM", - "url" : 
"https://support.citrix.com/article/CTX230138" - }, - { - "name" : "GLSA-201801-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-14" - }, - { - "name" : "102013", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102013" - }, - { - "name" : "102129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102129" - }, - { - "name" : "1039879", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102013", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102013" + }, + { + "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html" + }, + { + "name": "1039879", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039879" + }, + { + "name": "102129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102129" + }, + { + "name": "[debian-lts-announce] 20180105 [SECURITY] [DLA 1230-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-247.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-247.html" + }, + { + 
"name": "GLSA-201801-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-14" + }, + { + "name": "https://support.citrix.com/article/CTX230138", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX230138" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17071.json b/2017/17xxx/CVE-2017-17071.json index aabb188f3c9..6af581ded3e 100644 --- a/2017/17xxx/CVE-2017-17071.json +++ b/2017/17xxx/CVE-2017-17071.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17071", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17071", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17645.json b/2017/17xxx/CVE-2017-17645.json index 18fb87a88c3..c384cb0d29b 100644 --- a/2017/17xxx/CVE-2017-17645.json +++ b/2017/17xxx/CVE-2017-17645.json 
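Review bot: In the CVE-2017-17071.json hunk the new side is serialized in a different key order from the other records in this commit: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`, while the neighbouring files keep their keys alphabetical. Key order carries no meaning in JSON, but two orderings in one sync suggest (not confirmed from the diff) that records pass through more than one writer. The reshuffled `reference_data` array in the CVE-2017-17045 hunk just above points the same way. Anyone who detects changed advisories by diffing or hashing these files will see churn with no content change. Emitting sorted keys and a stable reference order would avoid that.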
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43336", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43336/" - }, - { - "name" : "https://packetstormsecurity.com/files/145445/Bus-Booking-Script-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145445/Bus-Booking-Script-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145445/Bus-Booking-Script-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145445/Bus-Booking-Script-1.0-SQL-Injection.html" + }, + { + "name": "43336", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43336/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9097.json b/2017/9xxx/CVE-2017-9097.json index 64080e070f8..bf46fa573fc 100644 --- a/2017/9xxx/CVE-2017-9097.json +++ b/2017/9xxx/CVE-2017-9097.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html", - "refsource" : "MISC", - "url" : "http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html" - }, - { - "name" : "https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFI", - "refsource" : "MISC", - "url" : "https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFI" - }, - { - "name" : 
"https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip", - "refsource" : "MISC", - "url" : "https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFI", + "refsource": "MISC", + "url": "https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFI" + }, + { + "name": "http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html", + "refsource": "MISC", + "url": "http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html" + }, + { + "name": "https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip", + "refsource": "MISC", + "url": "https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/9xxx/CVE-2017-9391.json b/2017/9xxx/CVE-2017-9391.json index 239b8d6f36e..0526d516f15 100644 --- a/2017/9xxx/CVE-2017-9391.json +++ b/2017/9xxx/CVE-2017-9391.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9391", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9391", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9425.json b/2017/9xxx/CVE-2017-9425.json index 7e124cbbe2c..4391d35a675 100644 --- a/2017/9xxx/CVE-2017-9425.json +++ b/2017/9xxx/CVE-2017-9425.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42098", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42098/" - }, - { - "name" : "http://touhidshaikh.com/blog/poc/facetag-ext-piwigo-stored-xss/", - "refsource" : "MISC", - "url" : "http://touhidshaikh.com/blog/poc/facetag-ext-piwigo-stored-xss/" - }, - { - "name" : "https://www.youtube.com/watch?v=_ha7XBT_Omo", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=_ha7XBT_Omo" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://touhidshaikh.com/blog/poc/facetag-ext-piwigo-stored-xss/", + "refsource": "MISC", + "url": "http://touhidshaikh.com/blog/poc/facetag-ext-piwigo-stored-xss/" + }, + { + "name": "https://www.youtube.com/watch?v=_ha7XBT_Omo", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=_ha7XBT_Omo" + }, + { + "name": "42098", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42098/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9696.json b/2017/9xxx/CVE-2017-9696.json index 5ef2513e43a..f72b92392a0 100644 --- a/2017/9xxx/CVE-2017-9696.json +++ b/2017/9xxx/CVE-2017-9696.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-11-01T00:00:00", - "ID" : "CVE-2017-9696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against \"MSM_ISP_STATS_MAX\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read in Camera" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-11-01T00:00:00", + "ID": "CVE-2017-9696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against \"MSM_ISP_STATS_MAX\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9698.json b/2017/9xxx/CVE-2017-9698.json index 415f8481709..f9aed6c2d42 100644 --- a/2017/9xxx/CVE-2017-9698.json +++ b/2017/9xxx/CVE-2017-9698.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-9698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improperly specified offset/size values for a submission command could cause a math operation to overflow and could result in an access to arbitrary memory. The combined pointer will overflow and possibly pass further checks intended to avoid accessing unintended memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow to Buffer Overflow in Graphics" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-9698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improperly specified offset/size values for a submission command could cause a math operation to overflow and could result in an access to arbitrary memory. The combined pointer will overflow and possibly pass further checks intended to avoid accessing unintended memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow to Buffer Overflow in Graphics" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9705.json b/2017/9xxx/CVE-2017-9705.json index 720be020dac..6b314d467db 100644 --- a/2017/9xxx/CVE-2017-9705.json +++ b/2017/9xxx/CVE-2017-9705.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-9705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Double Free in Core" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-9705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double Free in Core" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0286.json b/2018/0xxx/CVE-2018-0286.json index 3bf5645b2e4..ff30195f6e7 100644 --- a/2018/0xxx/CVE-2018-0286.json +++ b/2018/0xxx/CVE-2018-0286.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XR", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XR" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system. Cisco Bug IDs: CSCvg95792." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XR" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr" - }, - { - "name" : "104083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104083" - }, - { - "name" : "1040827", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system. Cisco Bug IDs: CSCvg95792." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104083" + }, + { + "name": "1040827", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040827" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0440.json b/2018/0xxx/CVE-2018-0440.json index d818c630167..3875ae2aaa1 100644 --- a/2018/0xxx/CVE-2018-0440.json +++ b/2018/0xxx/CVE-2018-0440.json 
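Review bot: `"vendor_name": "n/a"` is carried over unchanged on the new side of CVE-2018-0286.json, even though the record is assigned by psirt@cisco.com and names the product as Cisco IOS XR. The CVE-2018-0440 record later in this commit uses `"vendor_name": "Cisco"`. `version_value` also repeats the product name instead of giving a version. Tooling that maps records to assets through the `affects` block rather than the free-text description will not attribute this entry to a vendor. The value should be `"vendor_name": "Cisco"`, with the affected versions supplied by the CNA.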
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-05T16:00:00-0500", - "ID" : "CVE-2018-0440", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Data Center Network Manager Privilege Escalation to Underlying Operating System Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Data Center Network Manager ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP request. An attacker could exploit this vulnerability by authenticating to the application and then sending a crafted HTTP request to the targeted application. A successful exploit could allow the authenticated attacker to issue commands on the underlying operating system as the root user." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "7.2", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-05T16:00:00-0500", + "ID": "CVE-2018-0440", + "STATE": "PUBLIC", + "TITLE": "Cisco Data Center Network Manager Privilege Escalation to Underlying Operating System Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Data Center Network Manager ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180905 Cisco Data Center Network Manager Privilege Escalation to Underlying Operating System Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cdcnm-escalation" - }, - { - "name" : "1041682", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041682" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180905-cdcnm-escalation", - "defect" : [ - [ - "CSCvi47733" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP request. An attacker could exploit this vulnerability by authenticating to the application and then sending a crafted HTTP request to the targeted application. 
A successful exploit could allow the authenticated attacker to issue commands on the underlying operating system as the root user." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180905 Cisco Data Center Network Manager Privilege Escalation to Underlying Operating System Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cdcnm-escalation" + }, + { + "name": "1041682", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041682" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180905-cdcnm-escalation", + "defect": [ + [ + "CSCvi47733" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0474.json b/2018/0xxx/CVE-2018-0474.json index 3648393688f..9fae628f259 100644 --- a/2018/0xxx/CVE-2018-0474.json +++ b/2018/0xxx/CVE-2018-0474.json 
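Review bot: The new `product_name` value in this hunk still ends in a space (`"product_name": "Cisco Data Center Network Manager "`), so a consumer that compares product names exactly will not match this record against the name without the space. The CVE-2018-0474 hunk that follows has the same trailing space in `product_name`, in the `exploit` text and in `vectorString`, where a strict CVSS vector parser may reject the value. Since the commit already rewrites every line of these files, the values could be trimmed in the same pass: `"product_name": "Cisco Data Center Network Manager",` here and `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",` in CVE-2018-0474.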
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-01-09T16:00:00-0800", - "ID" : "CVE-2018-0474", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Manager ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact" : { - "cvss" : { - "baseScore" : "4.3", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-01-09T16:00:00-0800", + "ID": "CVE-2018-0474", + "STATE": "PUBLIC", + "TITLE": "Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190109 Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cucm-creds-disclosr" - }, - { - "name" : "106538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106538" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190109-cucm-creds-disclosr", - "defect" : [ - [ - "CSCvc21606" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. 
A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190109 Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cucm-creds-disclosr" + }, + { + "name": "106538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106538" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190109-cucm-creds-disclosr", + "defect": [ + [ + "CSCvc21606" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0578.json b/2018/0xxx/CVE-2018-0578.json index f9512ff882c..d1b5ff66bdc 100644 --- a/2018/0xxx/CVE-2018-0578.json +++ b/2018/0xxx/CVE-2018-0578.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PixelYourSite", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 5.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Minimal Work SRL" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PixelYourSite", + "version": { + "version_data": [ + { + "version_value": "prior to version 5.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Minimal Work SRL" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/pixelyoursite/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/pixelyoursite/#developers" - }, - { - "name" : "JVN#61081552", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN61081552/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/pixelyoursite/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/pixelyoursite/#developers" + }, + { + "name": "JVN#61081552", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN61081552/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000524.json b/2018/1000xxx/CVE-2018-1000524.json index 3cca0ff0d82..062fd65a46a 100644 --- a/2018/1000xxx/CVE-2018-1000524.json +++ b/2018/1000xxx/CVE-2018-1000524.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.031626", - "DATE_REQUESTED" : "2018-06-19T22:10:14", - "ID" : "CVE-2018-1000524", - "REQUESTER" : "xiaoyin.l@outlook.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "miniSphere", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.9 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "miniSphere" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploitable via the victim must load a specially-crafted map which calls SetLayerSize in its entry script. This vulnerability appears to have been fixed in 5.0.3, 5.1.5, 5.2.10 and later." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.031626", + "DATE_REQUESTED": "2018-06-19T22:10:14", + "ID": "CVE-2018-1000524", + "REQUESTER": "xiaoyin.l@outlook.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fatcerberus/minisphere/commit/252c1ca184cb38e1acb917aa0e451c5f08519996", - "refsource" : "MISC", - "url" : "https://github.com/fatcerberus/minisphere/commit/252c1ca184cb38e1acb917aa0e451c5f08519996" - }, - { - "name" : "https://github.com/fatcerberus/minisphere/pull/268", - "refsource" : "MISC", - "url" : "https://github.com/fatcerberus/minisphere/pull/268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploitable via the victim must load a specially-crafted map which calls SetLayerSize in its entry script. This vulnerability appears to have been fixed in 5.0.3, 5.1.5, 5.2.10 and later." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fatcerberus/minisphere/pull/268", + "refsource": "MISC", + "url": "https://github.com/fatcerberus/minisphere/pull/268" + }, + { + "name": "https://github.com/fatcerberus/minisphere/commit/252c1ca184cb38e1acb917aa0e451c5f08519996", + "refsource": "MISC", + "url": "https://github.com/fatcerberus/minisphere/commit/252c1ca184cb38e1acb917aa0e451c5f08519996" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000635.json b/2018/1000xxx/CVE-2018-1000635.json index 49765b73d12..b254894c6bc 100644 --- a/2018/1000xxx/CVE-2018-1000635.json +++ b/2018/1000xxx/CVE-2018-1000635.json 
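Review bot: The new side replaces the structured `product_name`, `version_value`, `vendor_name` and `problemtype` values with `"n/a"`, although the description still names miniSphere 5.2.9 and earlier and an integer overflow. Tooling that matches on the `affects` block or on the problem type rather than on free text will no longer associate this record with the product, which presumably affects inventory matching and weakness-class reporting downstream. The hunks for CVE-2018-1000635 and CVE-2018-1000812 do the same, the latter dropping a `CWE-640` problem type, and all three change `ASSIGNER` to `cve@mitre.org`. If the reset is not intended, keep the previous values, e.g. `"product_name": "miniSphere",`, `"version_value": "5.2.9 and earlier"` and `"value": "Integer Overflow"`.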
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-19T17:09:33.119039", - "DATE_REQUESTED" : "2018-07-31T16:02:28", - "ID" : "CVE-2018-1000635", - "REQUESTER" : "m.t.b.carroll@dundee.ac.uk", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OMERO.server", - "version" : { - "version_data" : [ - { - "version_value" : "5.4.0 to 5.4.6" - } - ] - } - } - ] - }, - "vendor_name" : "The Open Microscopy Environment" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains a Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an Attacker gaining full administrative access to server and may be able to disable it. This vulnerability appears to have been fixed in 5.4.7." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure Through Sent Data" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-19T17:09:33.119039", + "DATE_REQUESTED": "2018-07-31T16:02:28", + "ID": "CVE-2018-1000635", + "REQUESTER": "m.t.b.carroll@dundee.ac.uk", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html", - "refsource" : "CONFIRM", - "url" : "https://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html" - }, - { - "name" : "https://www.openmicroscopy.org/security/advisories/2018-SV2-script-name-uuid/", - "refsource" : "CONFIRM", - "url" : "https://www.openmicroscopy.org/security/advisories/2018-SV2-script-name-uuid/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains a Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an Attacker gaining full administrative access to server and may be able to disable it. This vulnerability appears to have been fixed in 5.4.7." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html", + "refsource": "CONFIRM", + "url": "https://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html" + }, + { + "name": "https://www.openmicroscopy.org/security/advisories/2018-SV2-script-name-uuid/", + "refsource": "CONFIRM", + "url": "https://www.openmicroscopy.org/security/advisories/2018-SV2-script-name-uuid/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000812.json b/2018/1000xxx/CVE-2018-1000812.json index b4b6d1bc464..5a9a132d00b 100644 --- a/2018/1000xxx/CVE-2018-1000812.json +++ b/2018/1000xxx/CVE-2018-1000812.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.453737", - "DATE_REQUESTED" : "2018-10-06T05:33:05", - "ID" : "CVE-2018-1000812", - "REQUESTER" : "cpearson9@yahoo.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Integria IMS", - "version" : { - "version_data" : [ - { - "version_value" : "5.0 MR56 Package 58, likely earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Ártica Soluciones Tecnológicas" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ártica Soluciones Tecnológicas Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-640: Weak Password Recovery Mechanism for Forgotten Password" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.453737", + "DATE_REQUESTED": "2018-10-06T05:33:05", + "ID": "CVE-2018-1000812", + "REQUESTER": "cpearson9@yahoo.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/", - "refsource" : "MISC", - "url" : "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/" - }, - { - "name" : "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047", - "refsource" : "MISC", - "url" : "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047" - }, - { - "name" : "https://github.com/fleetcaptain/integria-takeover", - "refsource" : "MISC", - "url" : "https://github.com/fleetcaptain/integria-takeover" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ártica Soluciones Tecnológicas Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . 
This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/", + "refsource": "MISC", + "url": "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/" + }, + { + "name": "https://github.com/fleetcaptain/integria-takeover", + "refsource": "MISC", + "url": "https://github.com/fleetcaptain/integria-takeover" + }, + { + "name": "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047", + "refsource": "MISC", + "url": "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19104.json b/2018/19xxx/CVE-2018-19104.json index ad316d692cc..d0a904a441f 100644 --- a/2018/19xxx/CVE-2018-19104.json +++ b/2018/19xxx/CVE-2018-19104.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bagesoft/bagecms/issues/3", - "refsource" : "MISC", - "url" : "https://github.com/bagesoft/bagecms/issues/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bagesoft/bagecms/issues/3", + "refsource": "MISC", + "url": "https://github.com/bagesoft/bagecms/issues/3" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/19xxx/CVE-2018-19316.json b/2018/19xxx/CVE-2018-19316.json index d1ff8ff70a6..9f49ef5f134 100644 --- a/2018/19xxx/CVE-2018-19316.json +++ b/2018/19xxx/CVE-2018-19316.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19316", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19316", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19723.json b/2018/19xxx/CVE-2018-19723.json index 960b780d8ec..c80e59bc2e7 100644 --- a/2018/19xxx/CVE-2018-19723.json +++ b/2018/19xxx/CVE-2018-19723.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-19723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-19723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html" - }, - { - "name" : "106751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106751" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19825.json b/2018/19xxx/CVE-2018-19825.json index 7dc0c463bc5..f3c2d682294 100644 --- a/2018/19xxx/CVE-2018-19825.json +++ b/2018/19xxx/CVE-2018-19825.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19825", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19825", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19973.json b/2018/19xxx/CVE-2018-19973.json index 6d667150252..d8b2bb1b5be 100644 
--- a/2018/19xxx/CVE-2018-19973.json +++ b/2018/19xxx/CVE-2018-19973.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19973", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19973", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1393.json b/2018/1xxx/CVE-2018-1393.json index 2c7f4e67761..b08e5ddc798 100644 --- a/2018/1xxx/CVE-2018-1393.json +++ b/2018/1xxx/CVE-2018-1393.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-08T00:00:00", - "ID" : "CVE-2018-1393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Financial Transaction Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "L", - "S" : "U", - "SCORE" : "3.100", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-08T00:00:00", + "ID": "CVE-2018-1393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Transaction Manager", + "version": { + "version_data": [ + { + "version_value": "3.0.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013250", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013250" - }, - { - "name" : "104466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104466" - }, - { - "name" : "ibm-ftm-cve20181393-info-disc(138378)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "L", + "I": "N", + "PR": "L", + "S": "U", + "SCORE": "3.100", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22013250", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22013250" + }, + { + "name": "ibm-ftm-cve20181393-info-disc(138378)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138378" + }, + { + "name": "104466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104466" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1783.json b/2018/1xxx/CVE-2018-1783.json index 4bae6581e18..122e8d8b480 100644 --- a/2018/1xxx/CVE-2018-1783.json +++ b/2018/1xxx/CVE-2018-1783.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2018-1783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10732717", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10732717" - }, - { - "name" : "ibm-spectrum-cve20181783-dos(148806)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to 
a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10732717", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10732717" + }, + { + "name": "ibm-spectrum-cve20181783-dos(148806)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148806" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1793.json b/2018/1xxx/CVE-2018-1793.json index 01d605286a6..6eacdfd0cb1 100644 --- a/2018/1xxx/CVE-2018-1793.json +++ b/2018/1xxx/CVE-2018-1793.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-1793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148948." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "N", - "S" : "C", - "SCORE" : "6.100", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-1793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729563", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729563" - }, - { - "name" : "1041801", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041801" - }, - { - "name" : "ibm-websphere-cve20181793-xss(148948)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148948." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "N", + "S": "C", + "SCORE": "6.100", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10729563", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729563" + }, + { + "name": "ibm-websphere-cve20181793-xss(148948)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148948" + }, + { + "name": "1041801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041801" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4145.json b/2018/4xxx/CVE-2018-4145.json index 1245d8882ef..7877dcfe852 100644 --- a/2018/4xxx/CVE-2018-4145.json +++ b/2018/4xxx/CVE-2018-4145.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4145", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4145", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4455.json b/2018/4xxx/CVE-2018-4455.json index e566a403792..e78185555d2 100644 --- a/2018/4xxx/CVE-2018-4455.json +++ b/2018/4xxx/CVE-2018-4455.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4455", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4455", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4864.json b/2018/4xxx/CVE-2018-4864.json index 6821c87ea4d..97099655e5a 100644 --- a/2018/4xxx/CVE-2018-4864.json +++ b/2018/4xxx/CVE-2018-4864.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4864", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4864", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file